216.73.216.86

Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)

· Published 13/01/2025 16:35 · Modified 13/01/2025 16:45

Export JSON

Essential information

Published
13/01/2025 16:35
Modified
13/01/2025 16:45
Tags
2025-01-13 CVE-2024-50603 aviatrix controller aws backdoor cloud security cryptojacking privilege-escalation rce sliver xmrig
Related entities
4 vulnerabilities (cve), 6 observables, 10 techniques (mitre), 2 malware

Description

A critical code execution vulnerability, , affecting has been observed being exploited in the wild. This unauthenticated remote code execution flaw allows attackers to execute arbitrary commands on the system, potentially leading to privilege escalation in environments. Exploitation has resulted in and deployment. The vulnerability stems from improper handling of user-supplied parameters in the API. Around 3% of cloud enterprise environments have deployed, with 65% of these having lateral movement paths to administrative cloud control plane permissions. Urgent patching and forensic investigation are recommended to mitigate risks.

External references