- Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Aviatrix Controllers OS Command Injection Vulnerability
- Exploit added on: Jan 16, 2025
- Exploit action due: Feb 6, 2025
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
#Vulnerability #AviatrixController Aviatrix Controller RCE CVE-2024-50603 Exploited in the Wild: Cryptojacking and Backdoors Deployed https://t.co/XBX9TnMacT
@Komodosec
4 Feb 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-50603 2 - CVE-2023-34960 3 - CVE-2024-49138 4 - CVE-2024-12084 5 - CVE-2025-21210 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
21 Jan 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added a critical OS Command Injection vulnerability in Aviatrix Controllers (CVE-2024-50603) to its Known Exploited Vulnerabilities catalog, affecting pre-7.1.4191 and 7.2.x versions. The vulnerability allows unauthenticated attackers to execute arbitrary code, with a...
@CybrPulse
17 Jan 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-50603 POC Aviatrix Controller remote code execution https://t.co/Hj0uHNXmLK https://t.co/TVVv40Hs73
@gov_hack
17 Jan 2025
257 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-50603 #Aviatrix #Controllers OS Command Injection Vulnerability https://t.co/21TrUce0lY
@ScyScan
16 Jan 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds a known exploited vulnerability to its catalog. CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Jan 16) - CVE-2024-50603 Aviatrix Controller OS command injection vulnerability https://t.co/V4atM9WSEl
@foxbook
16 Jan 2025
242 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA and SAP: 12 critical ICS vulnerabilities. Cybersecurity, cisa, CVE-2024-50603, ICS, NetWeaver, SAP https://t.co/rAU9W8CA5b https://t.co/sC00m1EmKT
@matricedigitale
16 Jan 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added #Aviatrix Controller OS command injection vulnerability CVE-2024-50603 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/mHA082Fr7G
@CISACyber
16 Jan 2025
5741 Impressions
30 Retweets
49 Likes
5 Bookmarks
3 Replies
2 Quotes
CVE-2024-50603 impacts Aviatrix with Cryptomining #aviatrix #CVE-2024-50603 #CryptoMining https://t.co/lXihspiCXb
@pravin_karthik
16 Jan 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Aviatrix Controller users urged to patch ASAP due to critical CVE-2024-50603, CVSS 10.0, allowing hackers to execute code, PoC exploit public. Alice K. Synthetic Journalist | NFN https://t.co/Nnmfsu8IZR
@SyntheticMinds_
16 Jan 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Wiz Incident Response team is addressing critical security incidents linked to CVE-2024-50603, a severe unauthenticated remote code execution vulnerability in Aviatrix Controller with a CVSS score of 10.0. Approximately 3% of enterprise cloud environments are affected, wit...
@CybrPulse
15 Jan 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A critical vulnerability (CVE-2024-50603) in the Aviatrix Controller permits unauthenticated remote code execution (RCE), with active exploitation reported by Wiz Research for cryptojacking and backdoor deployments. Affected versions include those prior to 7.1.4191 and 7.2.499...
@CybrPulse
15 Jan 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Cryptojacking Chaos: Aviatrix Controller Bug Exploited in the Wild! Hot Take: Looks like Aviatrix Controller learned the hard way that when it comes to cybersecurity, you really can't just "wing it." CVE-2024-50603 is like leaving your front door open with a sign saying "Free…
@TheNimbleNerd
15 Jan 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Aviatrix Controller (CVE-2024-50603) is being exploited by threat actors to deploy backdoors and cryptocurrency miners, urging organizations to patch urgently, according to Wiz Incident Response. #CyberSecurity #Aviatrix https://t.co/UZQa4pYvbz
@Cyber_O51NT
15 Jan 2025
10 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Vistem Solutions, Inc. - "Enhancing your business securely through innovation and technology." Wiz Research has identified active exploitation of the Aviatrix Controller RCE vulnerability (CVE-2024-50603), which poses a significant threat to AWS environments by
@VistemSolutions
14 Jan 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RCE vulnerability in Aviatrix (CVE-2024-50603) actively exploited by cloud attackers to plant malware. Rated 10/10 on CVSS scale. Patch ASAP. #CloudSecurity #CyberSecurity https://t.co/sot6qO8WN3
@fishpassenger
14 Jan 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical vulnerability (CVE-2024-50603) in Aviatrix Controller allows remote code execution, impacting cloud environments. Affects 3% of enterprises and has a CVSS score of 10/10. ⚠️ #CloudSecurity #MalwareThreats #USA #CybersecurityNews link: https://t.co/foTVvvBowU https:
@TweetThreatNews
14 Jan 2025
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2024-50603) in Aviatrix Controller, with a CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary code. Actively exploited in the wild, it poses significant risks of deploying backdoors and cryptojacking. Organizations are urged...
@CybrPulse
14 Jan 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat Alert: Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto CVE-2024-50603 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/9uMcrwMn0i #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
14 Jan 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical flaw in Aviatrix Controller (CVE-2024-50603) allows remote code execution in AWS, affecting 3% of users. Exploits can lead to significant breaches. Stay vigilant! ⚠️ #Aviatrix #AWS #USA #CybersecurityNews link: https://t.co/mIzP0djCrU https://t.co/xW9VnBsMji
@TweetThreatNews
14 Jan 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting a critical RCE flaw in Aviatrix Controller to deploy backdoors & crypto miners. Patch CVE-2024-50603 ASAP! #CyberSecurity #InfoSec #Aviatrix https://t.co/k2FQW2AWFK
@fishpassenger
14 Jan 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical code execution flaw (CVE-2024-50603) in the Aviatrix Controller has been exploited to deploy cryptojacking malware and backdoors, with a CVSS score of 10. Researchers note that approximately 3% of cloud enterprise environments use this controller, and in 65% of thes...
@CybrPulse
13 Jan 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Cloud Under Siege: Exploitation of Max-Critical Aviatrix RCE Flaw (#CVE-2024-50603) https://t.co/doQCFPTOwK
@UndercodeNews
13 Jan 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2024-50603) in Aviatrix Controller poses severe risks, allowing unauthenticated remote users to execute arbitrary commands on affected systems. Exploitation is already underway, with attackers deploying cryptomining malware and backdoors, particul...
@CybrPulse
13 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners: https://t.co/3jc5wJAEOT A critical vulnerability (CVE-2024-50603, CVSS 10.0) in the Aviatrix Controller cloud networking platform is being actively exploited to deploy backdoors and… https:/
@securityRSS
13 Jan 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50603 - CVSS 10! 🚨 Aviatrix Controller Command Injection Vulnerability. Patch up folks ⚒️🩹#infosec #cyber #security https://t.co/rFNbrU5SEK
@gothburz
13 Jan 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting a critical RCE vulnerability (CVE-2024-50603) in Aviatrix Controller, enabling backdoors and crypto miners. Users must upgrade to version 7.1.4191. ⚡️💻 #Aviatrix #CloudSecurity #USA #CybersecurityNews link: https://t.co/fuUEuon2E3 https://t.co/LzgrRMALVB
@TweetThreatNews
13 Jan 2025
36 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical remote command execution vulnerability, CVE-2024-50603, in Aviatrix Controller instances is being actively exploited by hackers. They are installing backdoors and crypto miners. Stay informed about this significant security threat. Read more at https://t.co/3WuxBhg2PB.
@trubetech
13 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers + Crypto Mining = A nightmare for cloud security! 🚨 The Aviatrix vulnerability (CVE-2024-50603) is under active attack. Is your cloud data safe? Learn the risks & solutions in just 60 seconds. ⏱️ Full video: https://t.co/0OkjlXDiVo #CloudHacking #CryptoMining #Tech
@EncryptionEdge7
13 Jan 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical security vulnerability (CVE-2024-50603) in the Aviatrix Controller cloud networking platform is currently being exploited in the wild, leading to unauthorized backdoors and cryptocurrency mining. With a CVSS score of 10.0, this flaw allows attackers to execute remot...
@CybrPulse
13 Jan 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 URGENT: A newly discovered critical flaw in Aviatrix Controller (CVE-2024-50603) is under active attack, allowing hackers to deploy backdoors and cryptocurrency miners. Severity – CVSS score 10.0. Read now: https://t.co/dMJmKWg7RY
@TheHackersNews
13 Jan 2025
10028 Impressions
25 Retweets
44 Likes
5 Bookmarks
2 Replies
0 Quotes
🚨 Exploitation alert: CVE-2024-50603 critical #RCE in #Aviatrix Controller under active attack! Patch now to prevent cryptojacking, backdoors, and AWS privilege escalation. Learn more 👉https://t.co/NPziqTULtu
@wiz_io
13 Jan 2025
210 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Aviatrix Network Controller Command Injection Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-50603 (CVSS 10/10) Aviatrix Network Controller Command Injection Vulnerability Impact A successful exploit May allow an unauthenticated attacker is…
@CyberxtronTech
13 Jan 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50603 (CVSS:10.0, CRITICAL) is Awaiting Analysis. An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutraliza..https://t.co/DbYUSxDqw3 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
13 Jan 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
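The remote code execution vulnerability CVE-2024-50603 in Aviatrix Controller is already being exploited. It is a command injection with a CVSS score of 10. It was disclosed by its discoverer on 1/7, and a PoC (proof-of-concept attack code) was published on 1/8. Malware was already observed on 1/7. https://t.co/gHGSuWgUUb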
@__kokumoto
13 Jan 2025
617 Impressions
0 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
🗣 Aviatrix Controller RCE CVE-2024-50603 Exploited in the Wild: Cryptojacking and Backdoors Deployed https://t.co/WGn2XJCGAZ
@fridaysecurity
13 Jan 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Aviatrix Controller RCE CVE-2024-50603 Exploited in the Wild: Cryptojacking and Backdoors Deployed Exploitation of CVE-2024-50603 is already occurring in the wild. Wiz Research observed attackers deploying cryptocurrency miners (XMRig) and backdoors https://t.co/sDyvBKp5UI
@the_yellow_fall
13 Jan 2025
296 Impressions
2 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
Wiz Research Discovers Active Exploitation of Aviatrix Controller RCE (CVE-2024-50603) https://t.co/qDurAZfMBz
@vault33org
13 Jan 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡CVE-2024-50603: Aviatrix Controller Unauthenticated Command Injection 👉https://t.co/rxgtPPvo6F ✅Join Telegram- https://t.co/V3wk76XHL2 #bugbounty #cvehunter #netlas #nuclei #cybersecurity https://t.co/ntkKaApKPN
@wtf_brut
12 Jan 2025
443 Impressions
1 Retweet
3 Likes
8 Bookmarks
0 Replies
0 Quotes
Hey all me and @th3sanjai have released CveHunter new exploitation series that exploits CVE-2024-50603 aviatrix controller unauthenticated command injection, here check out our tool: https://t.co/C682sXsrWH https://t.co/8nAOORmqzw
@th3gokul
12 Jan 2025
122 Impressions
1 Retweet
4 Likes
2 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603). What is CVE-2024-50603? | 12-01-2025 Source: https://t.co/BFPDk13NHc Key details below ↓ 💀Threats: Xmrig_miner, Sliver_c2_tool, 🎯Victims: Aviatrix… htt
@rst_cloud
12 Jan 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RCE vulnerability CVE-2024-50603 in Aviatrix Controller allows unauthenticated command execution. Affected versions risk exploitation, especially in AWS. Prompt upgrades are vital! ⚠️ #Aviatrix #CVE2024 #AWS #ThreatResearch link: https://t.co/5F3uz2wYpG https://t.co/jRc
@TweetThreatNews
12 Jan 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#RCE attempts targeting Aviatrix Network Controller #CVE-2024-50603 2025-01-11 00:05:44 UTC Source IP: 83.222.191.146 🇧🇬 POST /v1/api IOCs: 83.222.191.91 🇧🇬 hxxp://83.222.191.91/x.sh 435b552095502a5e482905e2ff30a0c9 https://t.co/XjjUdPvjJK
@sicehice
11 Jan 2025
250 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
🤡aviatrix deleted their whole documentation because of the vulnerability, i was using it yesterday while they were deleting each page realtime #security #vulnerability #aviatrix CVE-2024-50603 https://t.co/mmmfIrupou
@PsExec64
11 Jan 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 11 - CVE-2024-50603 Potential Exploitation Activity https://t.co/wwb7NW2RqE
@KernelCaleb
11 Jan 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our IR team has been investigating exploitation of CVE-2024-50603 (Aviatrix Controller RCE). So far impact has been limited to cryptojacking, but the Controller's default roles enable control plane privilege escalation to admin, so be sure to patch ASAP. https://t.co/G7afqiiQTL
@AmitaiCo
11 Jan 2025
731 Impressions
6 Retweets
21 Likes
4 Bookmarks
1 Reply
0 Quotes
🚨The new unauthenticated RCE affecting Aviatrix Controllers (CVE-2024-50603) is the real deal - with a single POST request 🫠 and a super trivial exploit, it takes less than 30 seconds to: 1. Collect all Aviatrix Controllers over the internet 2. Validate exploitability with… ht
@galnagli
11 Jan 2025
8528 Impressions
21 Retweets
196 Likes
106 Bookmarks
1 Reply
1 Quote
Critical Command Injection Vulnerability Found in Aviatrix Network Controller (CVE-2024-50603) #JustUnsecure #AFrihackbox https://t.co/1pVpP4CcLN
@afrihackbox
11 Jan 2025
12 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #Aviatrix CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller https://t.co/A2vaENsQye
@Komodosec
10 Jan 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50603-nuclei-poc Critical Command Injection Vulnerability in Aviatrix Controller https://t.co/qHm4fhbdEd
@avebitcoin
10 Jan 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:aviatrix:controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEFBF1E7-29E2-4576-9492-80A82D4D93EC",
            "versionEndExcluding": "7.1.4191"
          },
          {
            "criteria": "cpe:2.3:a:aviatrix:controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F60A1799-EC49-48EF-AD1B-0F79DE5A0EEE",
            "versionEndExcluding": "7.2.4996",
            "versionStartIncluding": "7.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]