Aviatrix Controller Vulnerability CVE-2024-50603 Disclosed
A critical command injection vulnerability has been discovered in Aviatrix Controller. The flaw, identified as CVE-2024-50603, affects Aviatrix Controller versions 7.x through 7.2.4820 and allows unauthenticated attackers to execute arbitrary code remotely due to improper handling of OS command elements. The vulnerability arises because certain parameters are not properly sanitized, which enables exploitation through crafted HTTP requests. A proof of concept demonstrated the ability to retrieve sensitive system files, such as /etc/passwd.

Following the discovery, Aviatrix was notified, and a patch was released on November 7, 2024, with public disclosure scheduled for January 7, 2025. Organizations using affected versions are urged to update promptly to mitigate risks.
