
SecurityWeek


Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments

Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments.


Threat actors are exploiting a critical-severity remote code execution (RCE) vulnerability in Aviatrix Controller to deploy malware, cybersecurity firm Wiz reports.

The issue, tracked as CVE-2024-50603 (CVSS score of 10/10), exists because user-supplied input is not properly neutralized, allowing unauthenticated, remote attackers to inject arbitrary code that is executed with high privileges on the Aviatrix cloud networking platform.

The solution is designed to help organizations manage and secure their cloud infrastructure across multiple providers from a single place.

Impacting certain endpoints within the Aviatrix Controller’s API, which is implemented in PHP, the vulnerability was patched in December, but technical information on it was only published last week.

Following public disclosure, however, proof-of-concept (PoC) exploit code was published and a Nuclei template was also released.

Over the weekend, Wiz warned that threat actors started exploiting CVE-2024-50603 against AWS cloud environments, to deploy cryptocurrency miners and backdoors.


“Immediately following the publication of the exploit, Wiz Research identified evidence of successful exploitation of this vulnerability across several cloud environments,” the cybersecurity firm notes.

The exposed instances were confirmed to be vulnerable to CVE-2024-50603, suggesting that the attackers quickly adopted the newly published exploit code.

Wiz also warns that, because the Aviatrix Controller is deployed in AWS cloud environments with high privileges, the successful exploitation of the security defect could also lead to lateral movement.

“Based on our data, around 3% of cloud enterprise environments have Aviatrix Controller deployed. However, our data shows that in 65% of such environments, the virtual machine hosting Aviatrix Controller has a lateral movement path to administrative cloud control plane permissions,” Wiz says.

To date, however, the cybersecurity firm has not observed cloud lateral movement attempts following initial access, but it expects that threat actors will abuse the flaw to at least enumerate cloud permissions and to exfiltrate data from the compromised environments.

The bug impacts Aviatrix Controller versions 7.x before 7.1.4191 and 7.2.4996. Organizations are advised to update their instances as soon as possible.
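For teams triaging an inventory against the versions above, the following is an added example, not code from SecurityWeek, Wiz or Aviatrix. It assumes the statement means per-branch fixed builds (7.1.4191 and 7.2.4996), counts 7.0.x as affected because it sorts before 7.1.4191, and reports anything the article does not cover as unknown; the controller names and versions in the sample are constructed.

```python
import re

# Fixed builds per release branch, taken from the article's version statement.
FIXED = {(7, 1): 4191, (7, 2): 4996}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def classify(version_string):
    """Return 'affected', 'patched' or 'unknown' for one reported version."""
    m = VERSION_RE.search(version_string or "")
    if not m:
        return "unknown"  # unparseable: needs a manual check, never assume safe
    major, minor, build = map(int, m.groups())
    if major != 7:
        return "unknown"  # the article only speaks about 7.x
    if (major, minor) in FIXED:
        return "patched" if build >= FIXED[(major, minor)] else "affected"
    if (major, minor) < (7, 1):
        return "affected"  # assumption: 7.0.x sorts before 7.1.4191
    return "unknown"  # later 7.x branch: not covered by the article


def triage(inventory):
    """Map {name: version_string} to {status: [names]}, names sorted."""
    report = {"affected": [], "patched": [], "unknown": []}
    for name, version in sorted(inventory.items()):
        report[classify(version)].append(name)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ctrl-prod": "7.1.4105",
    "ctrl-dr": "7.1.4191",
    "ctrl-dev": "7.2.4820",
    "ctrl-lab": "7.2.4996",
    "ctrl-old": "7.0.2239",
    "ctrl-legacy": "6.9.822",
    "ctrl-broken": "n/a",
}

if __name__ == "__main__":
    for status, names in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(names) or '-'}")
```

Controllers reported as unknown should be checked by hand against the vendor advisory rather than treated as safe.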


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
