WARNING: CRITICAL COMMAND INJECTION VULNERABILITY IN AVIATRIX CONTROLLER IS ACTIVELY EXPLOITED, PATCH IMMEDIATELY!

Published: 09/01/2025

Reference:
Advisory #2025-007

Version:
1.1

Affected software:
Aviatrix controller versions 7.x through 7.2.4820

Type:
Command Injection

CVE/CVSS:
CVE-2024-50603: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 

Sources


Risks

Aviatrix Controllers are single panes of glass to manage cloud networking solutions across various environments. If exposed to the public, exploitation of this vulnerability could allow unauthenticated attackers to execute arbitrary code remotely, leading to severe consequences, including unauthorized access to sensitive data, exfiltration, system compromise, and potential lateral movement within the network. Confidentiality, integrity and availability are all highly impacted.

Update (2025-01-27)
This vulnerability is actively exploited by threat actors to mine cryptocurrency using XMRig and to deploy Sliver backdoors for persistence.

Description

CVE-2024-50603 is a critical command injection vulnerability present in Aviatrix Controller versions 7.x through 7.2.4820.

The flaw arises from improper neutralization of special elements used in system commands, specifically within the API's handling of the cloud_type parameter in the list_flightpath_destination_instances action.

The lack of proper input validation for cloud_type allows attackers to append malicious commands via crafted HTTP requests. For instance, an attacker can send a POST request that includes a payload designed to execute arbitrary commands on the server.


Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Aviatrix has addressed this issue in Controller version 7.2.4996, and users are strongly advised to update to this version to mitigate the risk.

Update (2025-01-27)
Please note that in certain circumstances, the patch is not fully persistent across controller upgrades and must be re-applied, even if the controller status is displayed as “Patched”. These circumstances are:
The patch was first applied to a version prior to 7.1.4191 or 7.2.4996.
The Controller is subsequently updated to a version prior to 7.1.4191 or 7.2.4996.
The Controller does not have an associated CoPilot running version 4.16.1 or higher.


Monitor/Detect

The CCB recommends that organizations strengthen their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version protects against future exploitation, it does not remediate a compromise that has already taken place.
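As an added example for the Description and Monitor/Detect sections above (not code from the CCB or from Aviatrix), the following Python script scans request logs for the pattern the advisory describes: calls to the list_flightpath_destination_instances action whose cloud_type parameter carries shell metacharacters. It assumes a reverse proxy or WAF in front of the controller logs the URL-encoded POST body in a constructed line format (ip, method, path, status, quoted body); the path, the shape of a legitimate cloud_type value and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus

ACTION = "list_flightpath_destination_instances"  # vulnerable API action named in the advisory
# Shell metacharacters that have no place in a cloud_type value.
SHELL_META = re.compile(r"[;|&`$(){}<>\\\n]")
# Assumed shape of a legitimate cloud_type value (a short numeric provider id); adjust to your deployment.
EXPECTED = re.compile(r"^\d{1,4}$")
# Assumed log format (constructed for this example): ip method path status "url-encoded body"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) "(.*)"$')

def parse_line(line):
    """Split one log line into its fields, or return None if it does not match the assumed format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, path, status, body = m.groups()
    return {"ip": ip, "method": method, "path": path, "status": int(status), "body": body}

def suspicious_cloud_type(body):
    """Return the decoded cloud_type if the body targets ACTION with an unexpected value, else None."""
    params = parse_qs(body, keep_blank_values=True)  # first percent-decoding pass
    if ACTION not in params.get("action", []):
        return None
    for raw in params.get("cloud_type", []):
        value = unquote_plus(raw)  # second pass catches double-encoded metacharacters
        if SHELL_META.search(value) or not EXPECTED.match(value):
            return value
    return None

def scan(lines):
    """Return a list of (ip, decoded cloud_type) for every request that looks like an injection attempt."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        value = suspicious_cloud_type(entry["body"])
        if value is not None:
            hits.append((entry["ip"], value))
    return hits

# Constructed sample lines: IPs are documentation ranges, the path and other_action are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 POST /api 200 "action=list_flightpath_destination_instances&cloud_type=1"',
    '198.51.100.7 POST /api 200 "action=list_flightpath_destination_instances&cloud_type=1%3Bid"',
    '198.51.100.7 POST /api 200 "action=list_flightpath_destination_instances&cloud_type=1%2520%7C%2520id"',
    '192.0.2.9 POST /api 200 "action=other_action&cloud_type=1%3Bid"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"suspicious cloud_type from {ip}: {value!r}")
```

The third sample line is double percent-encoded; a rule that decodes only once would miss it, which is why the value is decoded a second time before matching.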

References