Overview
A critical security vulnerability has been discovered in the Aviatrix Controller cloud networking platform, identified as CVE-2024-50603 with a CVSS score of 10.0. The flaw enables unauthenticated remote code execution through inadequately sanitized API endpoints.
Who Should Be Concerned
- Cloud infrastructure administrators
- Security operations teams
- Cloud security architects
- Federal civilian agencies (FCEB)
Key Findings
- Active exploitation observed deploying XMRig cryptocurrency miners
- 65% of deployments show lateral movement paths to admin privileges
- Sliver C2 framework being deployed for persistence
- Affects approximately 3% of cloud enterprise environments
Risk Analysis
- Probability: High - Public PoC available
- Impact: Critical - Enables full system compromise
- Attack Surface: ~3% of cloud enterprises exposed
- Exploitation Complexity: Low - No authentication required
Action Items
- Immediately upgrade to versions 7.1.4191 or 7.2.4996
- Implement network access controls to restrict controller access
- Remove public access to Aviatrix Controller instances
- Complete patches by February 6, 2025 (FCEB requirement)
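One way to triage a controller inventory against the action items above, as an added example that is not code from Aviatrix or the cited article. The inventory records and their field names are constructed, and the rule that a lower build number in the same 7.1 or 7.2 train is unpatched is an assumption; any other train or an unparseable version is flagged for manual review.

```python
import ipaddress

# Fixed builds from the action items, keyed by release train (major, minor).
FIXED_BUILDS = {(7, 1): 4191, (7, 2): 4996}

# Constructed sample inventory; names, versions and CIDRs are illustrative only.
INVENTORY = [
    {"name": "ctrl-a", "version": "7.1.4105", "allowed_cidrs": ["0.0.0.0/0"]},
    {"name": "ctrl-b", "version": "7.2.4996", "allowed_cidrs": ["10.20.0.0/16"]},
    {"name": "ctrl-c", "version": "7.2.4820", "allowed_cidrs": ["203.0.113.0/24"]},
    {"name": "ctrl-d", "version": "6.9.100", "allowed_cidrs": ["::/0"]},
    {"name": "ctrl-e", "version": "7.1.4191", "allowed_cidrs": ["0.0.0.0/0"]},
]

def patch_status(version):
    """Return 'patched', 'unpatched' or 'review' for a 'major.minor.build' string."""
    try:
        major, minor, build = (int(p) for p in version.strip().split("."))
    except ValueError:
        return "review"  # wrong shape or non-numeric part: needs a human
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return "review"  # train not covered by the fixed versions listed above
    return "patched" if build >= fixed else "unpatched"

def publicly_reachable(allowed_cidrs):
    """True if any allowed source range is the whole internet (0.0.0.0/0 or ::/0)."""
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in allowed_cidrs)

def priority(status, public):
    """1 = unpatched and public ... 5 = patched and restricted."""
    if status == "unpatched":
        return 1 if public else 2
    if status == "review":
        return 3
    return 4 if public else 5  # patched but public still violates the access items

def triage(inventory):
    """Return (priority, name, status, public) rows, most urgent first."""
    rows = []
    for item in inventory:
        status = patch_status(item["version"])
        public = publicly_reachable(item["allowed_cidrs"])
        rows.append((priority(status, public), item["name"], status, public))
    return sorted(rows)

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(row)
```

A patched controller that is still open to the internet stays on the list at priority 4, because removing public access is a separate action item from upgrading.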
Sources
- [The Hacker News](https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html)