CVE-2024-50603

Published Jan 8, 2025

Last updated a month ago

Overview

Description
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
Source
cve@mitre.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Aviatrix Controllers OS Command Injection Vulnerability
Exploit added on
Jan 16, 2025
Exploit action due
Feb 6, 2025
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-78
nvd@nist.gov
CWE-78

Social media

Hype score
Not currently trending
  1. #Vulnerability #AviatrixController Aviatrix Controller RCE CVE-2024-50603 Exploited in the Wild: Cryptojacking and Backdoors Deployed https://t.co/XBX9TnMacT

    @Komodosec

    4 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2024-50603 2 - CVE-2023-34960 3 - CVE-2024-49138 4 - CVE-2024-12084 5 - CVE-2025-21210 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    21 Jan 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA has added a critical OS Command Injection vulnerability in Aviatrix Controllers (CVE-2024-50603) to its Known Exploited Vulnerabilities catalog, affecting pre-7.1.4191 and 7.2.x versions. The vulnerability allows unauthenticated attackers to execute arbitrary code, with a...

    @CybrPulse

    17 Jan 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2024-50603 POC Aviatrix Controller remote code execution https://t.co/Hj0uHNXmLK https://t.co/TVVv40Hs73

    @gov_hack

    17 Jan 2025

    257 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-50603 #Aviatrix #Controllers OS Command Injection Vulnerability https://t.co/21TrUce0lY

    @ScyScan

    16 Jan 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA adds a known exploited vulnerability to its catalog CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Jan 16) - CVE-2024-50603 Aviatrix Controller OS command injection vulnerability https://t.co/V4atM9WSEl

    @foxbook

    16 Jan 2025

    242 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CISA and SAP: 12 critical ICS vulnerabilities Cybersecurity, cisa, CVE-2024-50603, ICS, NetWeaver, SAP https://t.co/rAU9W8CA5b https://t.co/sC00m1EmKT

    @matricedigitale

    16 Jan 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🛡️ We added #Aviatrix Controller OS command injection vulnerability CVE-2024-50603 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/mHA082Fr7G

    @CISACyber

    16 Jan 2025

    5741 Impressions

    30 Retweets

    49 Likes

    5 Bookmarks

    3 Replies

    2 Quotes

  9. CVE-2024-50603 impacts Aviatrix with Cryptomining #aviatrix #CVE-2024-50603 #CryptoMining https://t.co/lXihspiCXb

    @pravin_karthik

    16 Jan 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Aviatrix Controller users urged to patch ASAP due to critical CVE-2024-50603, CVSS 10.0, allowing hackers to execute code, PoC exploit public. Alice K. Synthetic Journalist | NFN https://t.co/Nnmfsu8IZR

    @SyntheticMinds_

    16 Jan 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. The Wiz Incident Response team is addressing critical security incidents linked to CVE-2024-50603, a severe unauthenticated remote code execution vulnerability in Aviatrix Controller with a CVSS score of 10.0. Approximately 3% of enterprise cloud environments are affected, wit...

    @CybrPulse

    15 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. A critical vulnerability (CVE-2024-50603) in the Aviatrix Controller permits unauthenticated remote code execution (RCE), with active exploitation reported by Wiz Research for cryptojacking and backdoor deployments. Affected versions include those prior to 7.1.4191 and 7.2.499...

    @CybrPulse

    15 Jan 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Cryptojacking Chaos: Aviatrix Controller Bug Exploited in the Wild! Hot Take: Looks like Aviatrix Controller learned the hard way that when it comes to cybersecurity, you really can't just "wing it." CVE-2024-50603 is like leaving your front door open with a sign saying "Free…

    @TheNimbleNerd

    15 Jan 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. A critical vulnerability in Aviatrix Controller (CVE-2024-50603) is being exploited by threat actors to deploy backdoors and cryptocurrency miners, urging organizations to patch urgently, according to Wiz Incident Response. #CyberSecurity #Aviatrix https://t.co/UZQa4pYvbz

    @Cyber_O51NT

    15 Jan 2025

    10 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Vistem Solutions, Inc. - "Enhancing your business securely through innovation and technology." Wiz Research has identified active exploitation of the Aviatrix Controller RCE vulnerability (CVE-2024-50603), which poses a significant threat to AWS environments by

    @VistemSolutions

    14 Jan 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Critical RCE vulnerability in Aviatrix (CVE-2024-50603) actively exploited by cloud attackers to plant malware. Rated 10/10 on CVSS scale. Patch ASAP. #CloudSecurity #CyberSecurity https://t.co/sot6qO8WN3

    @fishpassenger

    14 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 A critical vulnerability (CVE-2024-50603) in Aviatrix Controller allows remote code execution, impacting cloud environments. Affects 3% of enterprises and has a CVSS score of 10/10. ⚠️ #CloudSecurity #MalwareThreats #USA #CybersecurityNews link: https://t.co/foTVvvBowU https:

    @TweetThreatNews

    14 Jan 2025

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. A critical vulnerability (CVE-2024-50603) in Aviatrix Controller, with a CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary code. Actively exploited in the wild, it poses significant risks of deploying backdoors and cryptojacking. Organizations are urged...

    @CybrPulse

    14 Jan 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. Threat Alert: Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto CVE-2024-50603 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/9uMcrwMn0i #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    14 Jan 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. A critical flaw in Aviatrix Controller (CVE-2024-50603) allows remote code execution in AWS, affecting 3% of users. Exploits can lead to significant breaches. Stay vigilant! ⚠️ #Aviatrix #AWS #USA #CybersecurityNews link: https://t.co/mIzP0djCrU https://t.co/xW9VnBsMji

    @TweetThreatNews

    14 Jan 2025

    38 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Hackers are exploiting a critical RCE flaw in Aviatrix Controller to deploy backdoors & crypto miners. Patch CVE-2024-50603 ASAP! #CyberSecurity #InfoSec #Aviatrix https://t.co/k2FQW2AWFK

    @fishpassenger

    14 Jan 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. A critical code execution flaw (CVE-2024-50603) in the Aviatrix Controller has been exploited to deploy cryptojacking malware and backdoors, with a CVSS score of 10. Researchers note that approximately 3% of cloud enterprise environments use this controller, and in 65% of thes...

    @CybrPulse

    13 Jan 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. 🚨 Cloud Under Siege: Exploitation of Max-Critical Aviatrix RCE Flaw (#CVE-2024-50603) https://t.co/doQCFPTOwK

    @UndercodeNews

    13 Jan 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. A critical vulnerability (CVE-2024-50603) in Aviatrix Controller poses severe risks, allowing unauthenticated remote users to execute arbitrary commands on affected systems. Exploitation is already underway, with attackers deploying cryptomining malware and backdoors, particul...

    @CybrPulse

    13 Jan 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners: https://t.co/3jc5wJAEOT A critical vulnerability (CVE-2024-50603, CVSS 10.0) in the Aviatrix Controller cloud networking platform is being actively exploited to deploy backdoors and… https:/

    @securityRSS

    13 Jan 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2024-50603 - CVSS 10! 🚨 Aviatrix Controller Command Injection Vulnerability. Patch up folks ⚒️🩹#infosec #cyber #security https://t.co/rFNbrU5SEK

    @gothburz

    13 Jan 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Hackers are exploiting a critical RCE vulnerability (CVE-2024-50603) in Aviatrix Controller, enabling backdoors and crypto miners. Users must upgrade to version 7.1.4191. ⚡️💻 #Aviatrix #CloudSecurity #USA #CybersecurityNews link: https://t.co/fuUEuon2E3 https://t.co/LzgrRMALVB

    @TweetThreatNews

    13 Jan 2025

    36 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. A critical remote command execution vulnerability, CVE-2024-50603, in Aviatrix Controller instances is being actively exploited by hackers. They are installing backdoors and crypto miners. Stay informed about this significant security threat. Read more at https://t.co/3WuxBhg2PB.

    @trubetech

    13 Jan 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Hackers + Crypto Mining = A nightmare for cloud security! 🚨 The Aviatrix vulnerability (CVE-2024-50603) is under active attack. Is your cloud data safe? Learn the risks & solutions in just 60 seconds. ⏱️ Full video: https://t.co/0OkjlXDiVo #CloudHacking #CryptoMining #Tech

    @EncryptionEdge7

    13 Jan 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. A critical security vulnerability (CVE-2024-50603) in the Aviatrix Controller cloud networking platform is currently being exploited in the wild, leading to unauthorized backdoors and cryptocurrency mining. With a CVSS score of 10.0, this flaw allows attackers to execute remot...

    @CybrPulse

    13 Jan 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. 🚨 URGENT: A newly discovered critical flaw in Aviatrix Controller (CVE-2024-50603) is under active attack, allowing hackers to deploy backdoors and cryptocurrency miners. Severity – CVSS score 10.0. Read now: https://t.co/dMJmKWg7RY

    @TheHackersNews

    13 Jan 2025

    10028 Impressions

    25 Retweets

    44 Likes

    5 Bookmarks

    2 Replies

    0 Quotes

  32. 🚨 Exploitation alert: CVE-2024-50603 critical #RCE in #Aviatrix Controller under active attack! Patch now to prevent cryptojacking, backdoors, and AWS privilege escalation. Learn more 👉https://t.co/NPziqTULtu

    @wiz_io

    13 Jan 2025

    210 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨 CVE Alert: Aviatrix Network Controller Command Injection Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-50603 (CVSS 10/10) Aviatrix Network Controller Command Injection Vulnerability Impact A successful exploit May allow an unauthenticated attacker is…

    @CyberxtronTech

    13 Jan 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. CVE-2024-50603 (CVSS:10.0, CRITICAL) is Awaiting Analysis. An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutraliza..https://t.co/DbYUSxDqw3 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    13 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

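  35. The remote code execution vulnerability CVE-2024-50603 in Aviatrix Controller is already being exploited. It is a command injection with a CVSS score of 10. It was disclosed by its discoverer on 1/7, and a PoC (proof-of-concept attack code) was published on 1/8. Malware was already observed on 1/7. https://t.co/gHGSuWgUUb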

    @__kokumoto

    13 Jan 2025

    617 Impressions

    0 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  36. 🗣 Aviatrix Controller RCE CVE-2024-50603 Exploited in the Wild: Cryptojacking and Backdoors Deployed https://t.co/WGn2XJCGAZ

    @fridaysecurity

    13 Jan 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Aviatrix Controller RCE CVE-2024-50603 Exploited in the Wild: Cryptojacking and Backdoors Deployed Exploitation of CVE-2024-50603 is already occurring in the wild. Wiz Research observed attackers deploying cryptocurrency miners (XMRig) and backdoors https://t.co/sDyvBKp5UI

    @the_yellow_fall

    13 Jan 2025

    296 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  38. Wiz Research Discovers Active Exploitation of Aviatrix Controller RCE (CVE-2024-50603) https://t.co/qDurAZfMBz

    @vault33org

    13 Jan 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. ⚡CVE-2024-50603: Aviatrix Controller Unauthenticated Command Injection 👉https://t.co/rxgtPPvo6F ✅Join Telegram- https://t.co/V3wk76XHL2 #bugbounty #cvehunter #netlas #nuclei #cybersecurity https://t.co/ntkKaApKPN

    @wtf_brut

    12 Jan 2025

    443 Impressions

    1 Retweet

    3 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  40. Hey all me and @th3sanjai have released CveHunter new exploitation series that exploits CVE-2024-50603 aviatrix controller unauthenticated command injection, here check out our tool: https://t.co/C682sXsrWH https://t.co/8nAOORmqzw

    @th3gokul

    12 Jan 2025

    122 Impressions

    1 Retweet

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  41. #threatreport #LowCompleteness Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603). What is CVE-2024-50603? | 12-01-2025 Source: https://t.co/BFPDk13NHc Key details below ↓ 💀Threats: Xmrig_miner, Sliver_c2_tool, 🎯Victims: Aviatrix… htt

    @rst_cloud

    12 Jan 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Critical RCE vulnerability CVE-2024-50603 in Aviatrix Controller allows unauthenticated command execution. Affected versions risk exploitation, especially in AWS. Prompt upgrades are vital! ⚠️ #Aviatrix #CVE2024 #AWS #ThreatResearch link: https://t.co/5F3uz2wYpG https://t.co/jRc

    @TweetThreatNews

    12 Jan 2025

    55 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. #RCE attempts targeting Aviatrix Network Controller #CVE-2024-50603 2025-01-11 00:05:44 UTC Source IP: 83.222.191.146 🇧🇬 POST /v1/api IOCs: 83.222.191.91 🇧🇬 hxxp://83.222.191.91/x.sh 435b552095502a5e482905e2ff30a0c9 https://t.co/XjjUdPvjJK

    @sicehice

    11 Jan 2025

    250 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  44. 🤡aviatrix deleted their whole documentation because of the vulnerability, i was using it yesterday while they were deleting each page realtime #security #vulnerability #aviatrix CVE-2024-50603 https://t.co/mmmfIrupou

    @PsExec64

    11 Jan 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Day 11 - CVE-2024-50603 Potential Exploitation Activity https://t.co/wwb7NW2RqE

    @KernelCaleb

    11 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Our IR team has been investigating exploitation of CVE-2024-50603 (Aviatrix Controller RCE). So far impact has been limited to cryptojacking, but the Controller's default roles enable control plane privilege escalation to admin, so be sure to patch ASAP. https://t.co/G7afqiiQTL

    @AmitaiCo

    11 Jan 2025

    731 Impressions

    6 Retweets

    21 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  47. 🚨The new unauthenticated RCE affecting Aviatrix Controllers (CVE-2024-50603) is the real deal - with a single POST request 🫠 and a super trivial exploit, it takes less than 30 seconds to: 1. Collect all Aviatrix Controllers over the internet 2. Validate exploitability with… ht

    @galnagli

    11 Jan 2025

    8528 Impressions

    21 Retweets

    196 Likes

    106 Bookmarks

    1 Reply

    1 Quote

  48. Critical Command Injection Vulnerability Found in Aviatrix Network Controller (CVE-2024-50603) #JustUnsecure #AFrihackbox https://t.co/1pVpP4CcLN

    @afrihackbox

    11 Jan 2025

    12 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. #Vulnerability #Aviatrix CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller https://t.co/A2vaENsQye

    @Komodosec

    10 Jan 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. CVE-2024-50603-nuclei-poc Critical Command Injection Vulnerability in Aviatrix Controller https://t.co/qHm4fhbdEd

    @avebitcoin

    10 Jan 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations