CVE-2024-50603: Aviatrix Controller RCE

ISGroup Cybersecurity

Aviatrix Controller, a critical platform for network security and multi-cloud networking used to manage multi-cloud environments across major providers such as AWS, Azure, and GCP, is vulnerable to an unauthenticated remote code execution vulnerability. With over 30,000 instances exposed to the internet, this vulnerability represents a very large attack surface. The affected versions are widely distributed in enterprise environments, and the controller’s privileged access to cloud network configurations makes it a high-value target.

ProductAviatrix Controller
Date2025-01-13 09:25:58
Information
  • Trending
  • Fix Available

Technical Summary

An issue has been discovered in Aviatrix Controller in versions prior to 7.1.4191 and in 7.2.x before 7.2.4996. Due to the failure to neutralize special elements used in an operating system command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in the cloud_type parameter for list_flightpath_destination_instances, or in the src_cloud_type parameter for flightpath_connection_test.

This vulnerability allows for remote code execution with root privileges, potentially enabling attackers to:

  • Gain complete control of the Aviatrix Controller
  • Access sensitive network configurations
  • Compromise connected cloud environments
  • Exfiltrate sensitive data

Recommendations

  1. Update to version 7.1.4191 or later of the Aviatrix Controller for 7.1.x releases
  2. Update to version 7.2.4996 or later of the Aviatrix Controller for 7.2.x releases
  3. Implement network segmentation to limit access to the Aviatrix Controller
  4. Monitor suspicious API requests to the /v1/api endpoint
  5. Apply the principle of least privilege to all system accounts

[Callforaction-THREAT-Footer]