Summary: A critical vulnerability in Aviatrix Controller (CVE-2024-50603) allows remote code execution and privilege escalation, and has led to the compromise of multiple cloud deployments. The availability of a proof-of-concept exploit shortly after the vulnerability’s disclosure has heightened concerns for affected users.
Threat Actor: Unknown
Victim: Aviatrix Controller Users
Key Points:
- Vulnerability allows remote code execution and privilege escalation in AWS environments.
- Approximately 3% of AWS customers use Aviatrix Controller, with significant lateral movement potential in 65% of these deployments.
- Successful exploits have led to malware deployment, including Sliver backdoors and cryptojacking.
- Defenders can mitigate risks by upgrading to version 7.2.4996 and restricting public access to the controller.
- Compromised environments were found to be exposed to the internet despite having previous patches applied.
Source: https://www.theregister.com/2025/01/13/severe_aviatrix_controller_vulnerability/