Critical Command Injection Vulnerability Found in Aviatrix Controller
A severe command injection flaw, designated CVE-2024-50603, has been identified in Aviatrix Controller versions 7.x through 7.2.4820, earning a maximum CVSS score of 10.0. The vulnerability allows unauthenticated attackers to execute arbitrary code remotely because user-supplied input to the API is not handled properly. Security consultant Jakub Korepta demonstrated the exploit with a crafted HTTP request, highlighting risks such as remote code execution, data exfiltration, and full system compromise. With 681 exposed instances found via Shodan, immediate action is recommended: Aviatrix has released a patch in version 7.2.4996 and urges users to update promptly to mitigate these risks.
