Summary: A critical remote code execution vulnerability (CVE-2024-50603) in Aviatrix Controller is being actively exploited by threat actors to deploy malware, including cryptocurrency miners. This vulnerability allows unauthenticated attackers to execute arbitrary code with high privileges on the cloud networking platform.
Threat Actor: Unknown | unknown
Victim: Aviatrix Controller | Aviatrix Controller
Key Point :
- The vulnerability has a CVSS score of 10/10 and affects specific API endpoints implemented in PHP.
- Wiz has identified successful exploitation of the vulnerability across multiple AWS cloud environments.
- Approximately 3% of cloud enterprise environments utilize Aviatrix Controller, with 65% of those having potential lateral movement paths to administrative permissions.
- Organizations are urged to update their Aviatrix Controller instances to versions 7.1.4191 or 7.2.4996 or later to mitigate risks.