CVE-2024-50603

Published Jan 8, 2025

Last updated 4 days ago

Overview

Description
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
Source: cve@mitre.org
NVD status: Received
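
Added example (not part of the original record and not Aviatrix code): a Python check that a defender could run over captured POST bodies to flag requests matching the description above, where cloud_type or src_cloud_type carries anything other than a plain number. The form field name "action", the numeric allowlist, the action name "some_other_action" and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Action -> parameter, as named in the CVE description.
WATCHED = {
    "list_flightpath_destination_instances": "cloud_type",
    "flightpath_connection_test": "src_cloud_type",
}
# Assumption: legitimate cloud type values are short decimal integers.
ALLOWED = re.compile(r"[0-9]{1,6}")


def suspicious_params(path, body):
    """Return (action, param, value) tuples that fail the allowlist."""
    if path.split("?", 1)[0].rstrip("/") != "/v1/api":
        return []
    # parse_qs URL-decodes values and keeps repeated parameters,
    # so encoded characters and duplicate fields are both inspected.
    fields = parse_qs(body, keep_blank_values=True)
    hits = []
    for action in fields.get("action", []):  # field name "action" is assumed
        param = WATCHED.get(action)
        if param is None:
            continue
        for value in fields.get(param, []):
            if not ALLOWED.fullmatch(value):
                hits.append((action, param, value))
    return hits


# Constructed sample requests (source address, path, form body); not real traffic.
SAMPLES = [
    ("192.0.2.10", "/v1/api", "action=list_flightpath_destination_instances&cloud_type=1"),
    ("198.51.100.7", "/v1/api", "action=list_flightpath_destination_instances&cloud_type=1%7Cplaceholder"),
    ("198.51.100.7", "/v1/api", "action=flightpath_connection_test&src_cloud_type=1&src_cloud_type=%3Bplaceholder"),
    ("192.0.2.10", "/v1/api", "action=some_other_action&cloud_type=%3Bplaceholder"),
]


def scan(samples):
    """Run the check over every sample and pair each hit with its source."""
    return [(src, hit) for src, path, body in samples
            for hit in suspicious_params(path, body)]


if __name__ == "__main__":
    for src, (action, param, value) in scan(SAMPLES):
        print(f"ALERT {src} {action} {param}={value!r}")
```

The check is an allowlist rather than a list of metacharacters, so it also flags empty or otherwise malformed values in the two watched parameters.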

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cve@mitre.org: CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 3

  1. 🤡 Aviatrix deleted their whole documentation because of the vulnerability, I was using it yesterday while they were deleting each page in real time #security #vulnerability #aviatrix CVE-2024-50603 https://t.co/mmmfIrupou

    @PsExec64

    11 Jan 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨The new unauthenticated RCE affecting Aviatrix Controllers (CVE-2024-50603) is the real deal - with a single POST request 🫠 and a super trivial exploit, it takes less than 30 seconds to: 1. Collect all Aviatrix Controllers over the internet 2. Validate exploitability with… ht

    @galnagli

    11 Jan 2025

    3770 Impressions

    8 Retweets

    108 Likes

    59 Bookmarks

    1 Reply

    1 Quote

  3. Critical Command Injection Vulnerability Found in Aviatrix Network Controller (CVE-2024-50603) #JustUnsecure #AFrihackbox https://t.co/1pVpP4CcLN

    @afrihackbox

    11 Jan 2025

    12 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #Vulnerability #Aviatrix CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller https://t.co/A2vaENsQye

    @Komodosec

    10 Jan 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-50603-nuclei-poc Critical Command Injection Vulnerability in Aviatrix Controller https://t.co/qHm4fhbdEd

    @avebitcoin

    10 Jan 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. The discovery of CVE-2024-50603 in Aviatrix Controller versions 7.x-7.2.4820 poses a critical risk due to its command injection vulnerability, allowing unauthenticated remote code execution. With a CVSS score of 10.0, this flaw affects 681 publicly exposed systems, making it c...

    @CybrPulse

    10 Jan 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. #Aviatrix #criticalvulnerabilities #CVEexploits Critical Command Injection Vulnerability Found in Aviatrix Network Controller (CVE-2024-50603) https://t.co/nK426UR558 https://t.co/oE7sTKefH6

    @EHackerNews

    10 Jan 2025

    23 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨Alert🚨 CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller 🔥PoC :https://t.co/ic7UpoIePp 📊 10K+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/vjkFGhn2LQ 👇Query HUNTER :/product.name="Aviatrix… https://

    @HunterMapping

    10 Jan 2025

    4368 Impressions

    37 Retweets

    95 Likes

    41 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-50603 denotes a critical vulnerability in the Aviatrix Controller, affecting versions 7.x through 7.2.4820, which enables remote attackers to execute arbitrary commands due to improper input handling in API endpoints. This vulnerability poses significant risk with app...

    @CybrPulse

    9 Jan 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. #exploit 1. CVE-2023-6932, CVE-2023-0461: UaF/LPE in Linux kernel https://t.co/OOfZ4dy95Q 2. CVE-2024-53141: An OOB Write Vulnerability in Netfilter Ipset https://t.co/rVzuElL9KO 3. CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability… https://t.co/s0jItYw

    @ksg93rd

    9 Jan 2025

    62 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨🚨🚨Critical Vulnerability Alert: CVE-2024-50603 Critical Command Injection Vulnerability in Aviatrix Controller https://t.co/RaF4f6qVDk

    @DarkWebInformer

    9 Jan 2025

    2031 Impressions

    3 Retweets

    15 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  12. Warning: Critical Command Injection in Aviatrix Controller. #CVE-2024-50603 CVSS: 10. This could potentially lead to remote code execution, unauthorized access and exfiltration of sensitive data, system compromise and lateral movement! #Patch #Patch #Patch https://t.co/LiZoWaCjiF

    @CCBalert

    9 Jan 2025

    72 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. ⚠️⚠️ CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller 🎯3.6k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/qx6IYqYjED FOFA Query:app="aVIaTrIX-CNTLR" 🔖Refer: https://t.co/I5vfU6bAD3 #OSINT… h

    @fofabot

    9 Jan 2025

    600 Impressions

    3 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  14. 🚨 Critical command injection vulnerability (CVE-2024-50603) in Aviatrix Network Controller patched! Affects versions 7.x - 7.2.4820. 681 exposed instances found. Urgent action needed! 🔒💻 #Aviatrix #RemoteCodeExecution #USA #CybersecurityNews link: https://t.co/A6zRN15cb2 http

    @TweetThreatNews

    8 Jan 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. An RCE vulnerability in Aviatrix Controller versions 7.x through 7.2.4820, caused by improper neutralization of special elements in OS commands. CVE-2024-50603, CVSS 9.9, Critical. A PoC has already been published, so applying the patch is essential. https://t.co/lI50W5itID

    @t_nihonmatsu

    8 Jan 2025

    314 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. An RCE vulnerability in Aviatrix Controller versions 7.x through 7.2.4820, caused by improper neutralization of special elements in OS commands. CVE-2024-50603, CVSS 10.0, Critical. A PoC has already been published, so applying the patch is essential. https://t.co/NwqtIpaph1

    @t_nihonmatsu

    8 Jan 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2024-50603 An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command… https://t.co/xsXU4d8EY9

    @CVEnew

    8 Jan 2025

    182 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller https://t.co/pHJ1wnN64w

    @Dinosn

    8 Jan 2025

    2876 Impressions

    16 Retweets

    52 Likes

    14 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨🚨CVE-2024-50603 (CVSS: 10) : Critical Command Injection Vulnerability in Aviatrix Controller ⚠️Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. ZoomEye Dork👉app="Aviatrix Controller"…

    @zoomeye_team

    8 Jan 2025

    602 Impressions

    4 Retweets

    12 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  20. [CVE-2024-50603: CRITICAL] Vulnerability found in Aviatrix Controller allows unauthenticated attackers to run arbitrary code due to improper OS command handling. Update to version 7.1.4191 or 7.2.4996 ASAP.#cybersecurity,#vulnerability https://t.co/1ir2zjWAHh https://t.co/4gisg6u

    @CveFindCom

    8 Jan 2025

    67 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes