hendryadrian.com (Focus Mode)

Summary: Threat actors are exploiting a critical remote command execution vulnerability (CVE-2024-50603) in Aviatrix Controller instances to install backdoors and crypto miners. This vulnerability allows attackers to execute commands without authentication, posing significant risks to cloud environments.

Threat Actor: Unknown | unknown
Victim: Aviatrix Controller users | Aviatrix Controller

Key Point :

The vulnerability is caused by inadequate input sanitization in API actions, allowing remote command execution.
Active exploitation has been reported, with attackers using the flaw to install Sliver backdoors and mine Monero cryptocurrency.
Users are advised to upgrade to versions 7.1.4191 or 7.2.4996 to mitigate the risk.
65% of environments with the Aviatrix Controller have potential paths for lateral movement to administrative permissions.
It is crucial for users to ensure that port 443 is not exposed to the internet and to follow access guidelines to minimize attack surface.

Source: https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-aviatrix-controller-rce-flaw-in-attacks/