Summary: A critical command injection vulnerability (CVE-2024-50603) has been discovered in Aviatrix Network Controller, allowing unauthenticated attackers to execute arbitrary code remotely. This vulnerability affects versions 7.x through 7.2.4820 and has been assigned a maximum CVSS score of 10.0.
Threat Actor: Unauthenticated attackers
Victim: Aviatrix Network Controller users
Key Points:
- Vulnerability allows remote code execution due to improper input sanitization.
- Exploits can lead to data exfiltration and full system compromise.
- 681 publicly exposed Aviatrix Controllers were identified, emphasizing the need for urgent patching.
- Aviatrix has released a patch in version 7.2.4996 to address the vulnerability.