Critical RCE Vulnerability in Aviatrix Controller: Wiz Issues Urgent Patch Advisory
The Wiz Incident Response team is actively addressing multiple security incidents linked to CVE-2024-50603, a critical unauthenticated remote code execution (RCE) vulnerability in Aviatrix Controller.
This flaw, which carries the maximum CVSS score of 10.0, poses a severe risk of privilege escalation within AWS cloud environments. Entities using Aviatrix Controller are strongly advised to apply patches immediately.
Data from Wiz indicates that approximately 3% of enterprise cloud environments use Aviatrix Controller. Of these, 65% have configurations enabling lateral movement to cloud administrative permissions—a concerning statistic given the potential for widespread damage.
A High-Impact Security Threat
This vulnerability arises from improper input neutralization in the Aviatrix Controller’s API, specifically in endpoints such as list_flightpath_destination_instances and flightpath_connection_test. These endpoints incorporate parameters into command strings without proper sanitization, allowing malefactors to execute arbitrary OS commands remotely.
Patched versions 7.1.4191 and 7.2.4996 address the issue ...
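The root cause described above, a request parameter spliced into a command string, is shown here next to two mitigations. This is an added illustration in Python, not Aviatrix or Wiz code; the `echo lookup` command, the parameter format, and all function names are assumptions, and the inputs are constructed.

```python
import re
import subprocess

# Assumed parameter format (hypothetical): a short identifier that starts with
# an alphanumeric character, so it can never look like a command-line option.
SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,31}")


def run_vulnerable(value: str) -> str:
    """Pattern the advisory describes: the parameter is concatenated into a
    command string, and a shell then interprets the whole string."""
    cmd = "echo lookup " + value  # caller-controlled text becomes shell syntax
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(value: str) -> str:
    """Same command without a shell: the parameter is exactly one argv entry,
    so metacharacters inside it are plain data."""
    return subprocess.run(["echo", "lookup", value],
                          capture_output=True, text=True).stdout


def run_hardened(value: str) -> str:
    """Allow-list validation first, then shell-free execution."""
    if not SAFE_VALUE.fullmatch(value):
        raise ValueError("rejected parameter value")
    return run_argv(value)


# Constructed inputs; "echo INJECTED" is a harmless stand-in for a second command.
BENIGN = "aws"
HOSTILE = "aws; echo INJECTED"

if __name__ == "__main__":
    # Shell form: the text after ';' runs as its own command.
    print(run_vulnerable(HOSTILE).splitlines())
    # argv form: the same text is echoed back as a single literal argument.
    print(run_argv(HOSTILE).splitlines())
    # Validated form: the request is refused before any process is started.
    try:
        run_hardened(HOSTILE)
    except ValueError as exc:
        print("hardened:", exc)
```

Either mitigation alone stops the second command from running; validating and avoiding the shell together means a gap in one is covered by the other.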
Copyright of this story solely belongs to informationsecuritybuzz.com.