Decrypt LOL


Aviatrix Controller Vulnerability CVE-2024-50603 Disclosed


🛠️ Critical Command Injection Vulnerability Discovered in Aviatrix Controller. A serious security flaw, identified as CVE-2024-50603, affects Aviatrix Controller versions 7.x through 7.2.4820, allowing unauthenticated attackers to execute arbitrary code remotely due to improper handling of OS command elements. The vulnerability arises from certain parameters not being properly sanitized, enabling potential exploitation through crafted HTTP requests. A proof of concept demonstrated the ability to retrieve sensitive system files, such as /etc/passwd. Following the discovery, Aviatrix was notified, and a patch was released on November 7, 2024, with public disclosure scheduled for January 7, 2025. Organizations using affected versions are urged to update promptly to mitigate risks.
