11 matches found
CVE-2024-50603
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for...
Aviatrix Controller list_flightpath_destination_instances command injection
Added: 02/04/2025 Background Aviatrix Controller is a cloud networking platform that manages connectivity of cloud and hybrid networks. Problem A command injection vulnerability in the listflightpathdestinationinstances API action allows remote attackers to execute arbitrary commands. Resolution...
Aviatrix Controller list_flightpath_destination_instances command injection
Added: 02/04/2025 Background Aviatrix Controller is a cloud networking platform that manages connectivity of cloud and hybrid networks. Problem A command injection vulnerability in the listflightpathdestinationinstances API action allows remote attackers to execute arbitrary commands. Resolution...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50603link is external Aviatrix Controllers OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...
Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers
A critical vulnerability CVE-2024-50603 in the Aviatrix Controller allows unauthenticated RCE. Active exploitation observed by Wiz Research in…...
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the...
Exploit for OS Command Injection in Aviatrix Controller
CVE-20...
CVE-2024-50603
creationtimestamp| type| source ---|---|--- 2025-01-08 01:09:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113790061901237352 2025-01-08 01:15:28+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf6yghkmun2f 2025-01-08 01:37:28+00:00| seen|...
CVE-2024-50603
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for...
CVE-2024-50603
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for...
CVE-2024-50603
CVE-2024-50603 in Aviatrix Controller (versions < 7.1.4191 for 7.1.x and