Summary: Threat actors are exploiting a critical remote command execution vulnerability (CVE-2024-50603) in Aviatrix Controller instances to install backdoors and crypto miners. This vulnerability allows attackers to execute commands without authentication, posing significant risks to cloud environments.
Threat Actor: Unknown | unknown
Victim: Aviatrix Controller users | Aviatrix Controller
Key Points:
- The vulnerability is caused by inadequate input sanitization in API actions, allowing remote command execution.
- Active exploitation has been reported, with attackers using the flaw to install Sliver backdoors and mine Monero cryptocurrency.
- Users are advised to upgrade to versions 7.1.4191 or 7.2.4996 to mitigate the risk.
- 65% of environments with the Aviatrix Controller have potential paths for lateral movement to administrative permissions.
- It is crucial for users to ensure that port 443 is not exposed to the internet and to follow access guidelines to minimize attack surface.