Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments

Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments.

Threat actors are exploiting a critical-severity remote code execution (RCE) vulnerability in Aviatrix Controller to deploy malware, cybersecurity firm Wiz reports.

The issue, tracked as CVE-2024-50603 (CVSS score of 10/10), exists because user-supplied input is not properly neutralized, allowing unauthenticated, remote attackers to inject arbitrary code that is executed with high privileges on the Aviatrix cloud networking platform.

The platform is designed to help organizations manage and secure their cloud infrastructure across multiple providers from a single place.

The vulnerability impacts certain endpoints within the Aviatrix Controller’s API, which is implemented in PHP. It was patched in December, but technical information on it was only published last week.

Following public disclosure, proof-of-concept (PoC) exploit code was published and a Nuclei template was also released.

Over the weekend, Wiz warned that threat actors have started exploiting CVE-2024-50603 against AWS cloud environments to deploy cryptocurrency miners and backdoors.

“Immediately following the publication of the exploit, Wiz Research identified evidence of successful exploitation of this vulnerability across several cloud environments,” the cybersecurity firm notes.

The exposed instances were confirmed to be vulnerable to CVE-2024-50603, suggesting that the attackers quickly adopted the fresh exploit code.

Wiz also warns that, because the Aviatrix Controller is deployed in AWS cloud environments with high privileges, the successful exploitation of the security defect could also lead to lateral movement.

“Based on our data, around 3% of cloud enterprise environments have Aviatrix Controller deployed. However, our data shows that in 65% of such environments, the virtual machine hosting Aviatrix Controller has a lateral movement path to administrative cloud control plane permissions,” Wiz says.

To date, however, the cybersecurity firm has not observed cloud lateral movement attempts following initial access, but it expects that threat actors will abuse the flaw to at least enumerate cloud permissions and to exfiltrate data from the compromised environments.

The bug impacts Aviatrix Controller versions 7.x before 7.1.4191 and 7.2.4996. Organizations are advised to update their instances as soon as possible.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
