CISA Warns of Aviatrix Controllers OS Command Injection Vulnerability Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a significant OS command injection vulnerability in Aviatrix Controllers, identified as CVE-2024-50603.

This vulnerability poses a serious risk, as it allows unauthenticated attackers to execute arbitrary code on affected systems, potentially leading to severe security breaches.

Vulnerability Details

The vulnerability, classified under the Common Weakness Enumeration (CWE) as CWE-78, can be exploited by sending specially crafted shell metacharacters to specific API endpoints.

Attackers can target the /v1/api interface, particularly through the parameters cloud_type in the list_flightpath_destination_instances call and src_cloud_type in the flightpath_connection_test function.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

This exploitation could allow malicious actors to gain control over the affected system, jeopardizing the security and integrity of the organization’s cloud infrastructure.

While it is currently unclear whether this vulnerability has been actively utilized in ransomware campaigns, the potential for abuse remains high.

The ability for unauthenticated users to execute arbitrary code could result in significant data breaches, disruption of services, and unauthorized access to sensitive information.

Organizations using Aviatrix Controllers are urged to prioritize security measures to mitigate this risk.

CISA advises organizations to take immediate action to protect their systems. The recommendations include:

1. Apply Mitigations: Follow the vendor’s guidelines for applying necessary patches and mitigations. It is crucial to regularly check for updates related to this vulnerability.
2. Discontinue Use: If mitigations are unavailable or cannot be implemented effectively, organizations should consider discontinuing the use of Aviatrix Controllers until a secure solution is available.
3. Monitor Systems: Continuously monitor systems for any suspicious activity or unauthorized access attempts that could indicate exploitation of this vulnerability.

The discovery of CVE-2024-50603 serves as a stark reminder of the vulnerabilities present in cloud management tools.

Organizations must remain vigilant and proactive in their security measures to protect against potential exploitation.

As the deadline for addressing this vulnerability approaches—set for February 6, 2025—CISA emphasizes the need for immediate action to safeguard cloud infrastructures against this critical threat.

For further updates and detailed information, organizations are encouraged to regularly consult CISA’s advisories and follow best practices in cybersecurity to mitigate risks effectively.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar