A recently disclosed critical security flaw affecting the Aviatrix Controller cloud networking platform is being actively exploited in the wild to deploy backdoors and cryptocurrency miners.
Cloud security firm Wiz said it is currently responding to “several incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum-severity bug that could lead to unauthenticated remote code execution.
In other words, successful exploitation of the flaw could allow an attacker to execute malicious operating system commands due to certain API endpoints not properly sanitizing user input. The vulnerability was fixed in versions 7.1.4191 and 7.2.4996.
Jakub Korepta, a security researcher at Polish cybersecurity company Securing, was credited with discovering and reporting the flaw. A proof-of-concept (PoC) exploit has since been made publicly available.
Data collected by the cybersecurity firm shows that about 3% of enterprise cloud environments have Aviatrix Controller deployed, with 65% of those showing a lateral movement path to administrative cloud control plane permissions. This, in turn, allows for privilege escalation in the cloud environment.
“When deployed in cloud environments, AWS Aviatrix Controller allows elevation of privilege by default, making exploitation of this vulnerability high risk,” Wiz researchers Gal Nagli, Merav Bar, Gilly Tikachinsky, and Shaked Tanchuma said.
Real-world attacks exploiting CVE-2024-50603 use the initial access to target instances to mine cryptocurrency with XMRig and to deploy the Sliver command-and-control (C2) framework, probably for persistence and subsequent exploitation.
“While we have yet to see direct evidence of cloud lateral movement, we believe it is likely that threat actors are using this vulnerability to enumerate a host’s cloud permissions and then proceed to extract data from the victim’s cloud environment,” the Wiz researchers said.
Due to active exploitation, users are advised to apply patches as soon as possible and prevent public access to the Aviatrix Controller.