Hackers Exploit Vulnerability in Aviatrix Controller
/ 1 min read
🦠 Critical vulnerability in Aviatrix Controller exploited by hackers. A severe remote command execution vulnerability, identified as CVE-2024-50603, is being actively exploited in Aviatrix Controller instances, allowing attackers to install backdoors and crypto miners. Discovered on October 17, 2024, the flaw arises from inadequate input sanitization in API actions, enabling unauthorized command execution. This affects all versions from 7.x to 7.2.4820, with users urged to upgrade to versions 7.1.4191 or 7.2.4996 to mitigate risks. Although only 3% of cloud environments use Aviatrix Controller, many have paths for lateral movement to administrative permissions, raising concerns about potential data exfiltration. Users are advised to secure their systems by limiting internet exposure and following access guidelines.
