Summary: A critical security flaw in the Aviatrix Controller cloud networking platform, identified as CVE-2024-50603, is being actively exploited to deploy backdoors and cryptocurrency miners. The vulnerability allows for unauthenticated remote code execution, posing significant risks to cloud environments.
Threat Actor: Unknown | unknown
Victim: Cloud enterprises | cloud enterprises
Key Point :
- The vulnerability has a CVSS score of 10.0, indicating maximum severity.
- Exploitation can lead to privilege escalation and unauthorized access to cloud control plane permissions.
- Real-world attacks are using the vulnerability to mine cryptocurrency and deploy command-and-control frameworks.
- Users are urged to apply patches immediately and restrict public access to the Aviatrix Controller.
Source: https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html