A critical security vulnerability in the Aviatrix Controller cloud networking platform, identified as CVE-2024-50603, is currently being exploited by cybercriminals to deploy backdoors and cryptocurrency mining operations. This flaw, which has a maximum severity rating of 10.0 on the CVSS scale, allows for unauthenticated remote code execution, posing significant risks to cloud environments.

The vulnerability unveiled

Discovered by Jakub Korepta from Polish cybersecurity firm Securing, CVE-2024-50603 stems from inadequate input sanitization in certain API endpoints. This oversight permits attackers to inject malicious operating system commands, leading to potentially devastating consequences for affected systems. The vulnerability has been addressed in Aviatrix Controller versions 7.1.4191 and 7.2.4996, but many users remain vulnerable as exploitation is already underway.
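The weakness class named above (user-controlled API input reaching an operating-system command) is easiest to recognise side by side with its fix. The following is an added, generic illustration written for this article; it is not Aviatrix code, and the handler, the parameter name, the command and the log lines are all hypothetical or constructed. It shows the unsafe pattern, the hardened form (strict allowlist plus argv execution without a shell), and a small triage scan that flags request parameters carrying shell metacharacters.

```python
import re
import urllib.parse

# --- Hypothetical vulnerable handler ---------------------------------------
# The API parameter is spliced into a shell command string. If the string is
# then run through a shell, metacharacters in the value change what executes.
def vulnerable_build_command(target: str) -> str:
    return f"/usr/bin/nslookup {target}"   # the unsafe design ran this with shell=True

# --- Hardened handler -------------------------------------------------------
# Allowlist for a hostname: letters, digits, dots and hyphens only.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

def validate_hostname(value: str) -> bool:
    """True only if the whole value matches the strict hostname allowlist."""
    return HOSTNAME_RE.fullmatch(value) is not None

def hardened_build_argv(target: str) -> list:
    """Reject anything outside the allowlist and return an argv list meant for
    subprocess.run(argv) with shell=False, so no shell ever parses the value."""
    if not validate_hostname(target):
        raise ValueError("rejected parameter value")
    return ["/usr/bin/nslookup", target]

# --- Detection over request logs --------------------------------------------
# Characters that have meaning to a POSIX shell; their presence in a parameter
# that should be a hostname is a cheap triage signal worth a closer look.
SHELL_META = re.compile(r"[;|&`$<>\\]")

# Constructed sample access-log lines (not real Aviatrix logs); the last quoted
# field is the URL-encoded request body.
SAMPLE_LOG = """\
10.0.0.5 - - "POST /v1/api HTTP/1.1" 200 "action=lookup&target=db01.internal"
10.0.0.9 - - "POST /v1/api HTTP/1.1" 200 "action=lookup&target=db01.internal%3Bid"
10.0.0.9 - - "POST /v1/api HTTP/1.1" 200 "action=lookup&target=%60uname%20-a%60"
"""

LOG_LINE_RE = re.compile(r'^(\S+) .* "([^"]*)"$')

def suspicious_requests(log_text: str) -> list:
    """Return (source_ip, parameter_value) for every request whose decoded
    body contains a shell metacharacter in any parameter value."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        src, body = m.group(1), m.group(2)
        for _, val in urllib.parse.parse_qsl(body, keep_blank_values=True):
            if SHELL_META.search(val):
                hits.append((src, val))
                break
    return hits

if __name__ == "__main__":
    for src, val in suspicious_requests(SAMPLE_LOG):
        print(f"{src}: parameter value {val!r} contains shell metacharacters")
```

The hardened handler validates before it builds the command and never hands the value to a shell; both steps matter, because an allowlist alone is fragile if the command is still assembled as a string, and argv execution alone still lets unexpected values reach the program as arguments.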

Active exploitation and impact

According to cloud security experts at Wiz, the exploitation of this flaw has led to multiple incidents where attackers gain initial access to cloud instances, subsequently deploying XMRig for cryptocurrency mining and the Sliver command-and-control (C2) framework for persistent control over compromised environments. Notably, around 3% of enterprise cloud environments utilize the Aviatrix Controller, with a staggering 65% of these exhibiting lateral movement paths that could escalate privileges within the cloud control plane.

Wiz researchers have expressed concerns regarding the potential for data exfiltration, stating that while direct evidence of lateral movement has not yet been observed, it is likely that threat actors are leveraging this vulnerability to explore and exploit cloud permissions further.

Recommendations for users

In light of these developments, it is imperative for organizations using Aviatrix Controller to act swiftly. Security experts recommend applying the latest patches immediately and restricting public access to the controller to mitigate risks associated with this vulnerability.
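Turning the two recommendations into a repeatable check is straightforward once an inventory of controllers exists. The script below is an added example, not Aviatrix tooling: it assumes a `major.minor.build` version scheme inferred from the two fixed versions quoted above (7.1.4191 and 7.2.4996), treats any other branch as "unknown" because this article names no fixed build for it, and runs over a constructed inventory whose hosts, versions and exposure flags are hypothetical.

```python
# Fixed builds per branch, taken from the advisory text in this article.
FIXED_BUILDS = {(7, 1): 4191, (7, 2): 4996}

def parse_version(version: str) -> tuple:
    """Parse 'major.minor.build' into integers; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)

def patch_status(version: str) -> str:
    """'patched' if the build is at or above the fixed build for its branch,
    'vulnerable' if below it, 'unknown' for branches this article does not list."""
    major, minor, build = parse_version(version)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return "unknown"
    return "patched" if build >= fixed else "vulnerable"

# Constructed inventory (hypothetical hosts, not real data). public_ingress
# records whether the controller's management interface is reachable from
# the internet, which the article recommends against.
INVENTORY = [
    {"host": "ctrl-prod-1", "version": "7.1.4191", "public_ingress": False},
    {"host": "ctrl-prod-2", "version": "7.1.4100", "public_ingress": True},
    {"host": "ctrl-dev-1",  "version": "7.2.4996", "public_ingress": True},
    {"host": "ctrl-lab-1",  "version": "7.0.2100", "public_ingress": False},
]

def triage(inventory: list) -> list:
    """Return (host, findings) for every controller that still needs action."""
    results = []
    for item in inventory:
        findings = []
        status = patch_status(item["version"])
        if status == "vulnerable":
            findings.append("upgrade: build is below the fixed build for this branch")
        elif status == "unknown":
            findings.append("verify: branch not covered by the fixed builds listed here")
        if item["public_ingress"]:
            findings.append("restrict: management interface reachable from the internet")
        if findings:
            results.append((item["host"], findings))
    return results

if __name__ == "__main__":
    for host, findings in triage(INVENTORY):
        print(host)
        for finding in findings:
            print("  -", finding)
```

A controller on a patched build but still exposed to the internet is reported as well, since the two recommendations are independent: patching closes this flaw, while restricting access limits the blast radius of the next one.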

As the landscape of cloud security continues to evolve, vigilance against such critical vulnerabilities remains essential for safeguarding sensitive data and maintaining operational integrity in cloud environments.
