A significant vulnerability in the Aviatrix Controller cloud networking platform, known for its widespread use in enterprise cloud environments, has recently become the target of malicious actors. Researchers from the cloud security firm Wiz have been actively responding to multiple incidents where this vulnerability has been exploited to deploy dangerous backdoors and cryptocurrency miners.
The Discovery and Response
Jakub Korepta, a security researcher at the Polish cybersecurity company Securing, uncovered the flaw, which was subsequently disclosed. Tracked as CVE-2024-50603, the bug carries the maximum CVSS score of 10.0 because it permits unauthenticated remote code execution. In practice, certain API endpoints pass user-supplied parameters into operating-system commands without sanitizing them, so an unauthenticated attacker can inject and run arbitrary commands on the controller. Aviatrix fixed the flaw in versions 7.1.4191 and 7.2.4996; a proof-of-concept (PoC) exploit has since been released publicly.
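To make the class of bug concrete, the following is an added example written for this article, not Aviatrix code and not derived from the actual vulnerable endpoint. It models a hypothetical API action that takes a `cloud_type` parameter and builds a shell command from it (the vulnerable pattern), beside a hardened version that validates the parameter against an allowlist and passes it as a separate argument so the shell never interprets it. The command, the allowlist values and the parameter names are all assumptions chosen for illustration.

```python
import subprocess

# Hypothetical allowlist of valid cloud_type codes (constructed for the example;
# the real product's values are not reproduced here).
ALLOWED_CLOUD_TYPES = {"1", "4", "8"}


def list_instances_vulnerable(cloud_type: str) -> str:
    """Vulnerable pattern: the untrusted parameter is interpolated into a
    command line that is handed to /bin/sh via shell=True. Anything after a
    ';' or '&&' in cloud_type runs as a second command."""
    cmd = f"echo listing-instances-for-cloud-type {cloud_type}"
    return subprocess.check_output(cmd, shell=True, text=True)


def list_instances_argv_only(cloud_type: str) -> str:
    """Partial fix: no shell is involved, so metacharacters are passed to the
    child process as a literal argument rather than being interpreted."""
    return subprocess.check_output(
        ["echo", "listing-instances-for-cloud-type", cloud_type], text=True
    )


def list_instances_hardened(cloud_type: str) -> str:
    """Hardened pattern: reject anything outside the expected value set, then
    invoke the tool with an argument list (no shell)."""
    if cloud_type not in ALLOWED_CLOUD_TYPES:
        raise ValueError(f"invalid cloud_type: {cloud_type!r}")
    return subprocess.check_output(
        ["echo", "listing-instances-for-cloud-type", cloud_type], text=True
    )


if __name__ == "__main__":
    # Constructed payload: a valid-looking value followed by an injected command.
    payload = "1; echo INJECTED"
    print("vulnerable  :", repr(list_instances_vulnerable(payload)))
    print("argv only   :", repr(list_instances_argv_only(payload)))
    try:
        list_instances_hardened(payload)
    except ValueError as exc:
        print("hardened    : rejected ->", exc)
```

Running it on a Linux host shows the difference: the vulnerable function's output contains a second line, `INJECTED`, because the shell executed the injected `echo`; the argv-only function prints the payload as one literal string; the hardened function refuses the value before any process is spawned. The allowlist is defence in depth; it is the argument list, not the validation, that removes the shell from the path.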
The Exploitation: From Cryptocurrency Mining to Data Exfiltration
In the wild, attackers have exploited the flaw to deploy the Sliver command-and-control (C2) framework for persistent access and the XMRig tool to mine cryptocurrency. These attacks are particularly dangerous because the controller holds credentials for the cloud accounts it manages: initial access to the host can be used to escalate privileges in the cloud environment and potentially exfiltrate data. Wiz researchers Gal Nagli, Merav Bar, Gili Tikochinski, and Shaked Tanchuma noted, “While we have yet to see direct evidence of cloud lateral movement, it’s likely that threat actors are using this exploit to survey the cloud permissions of the host and then pivot to other malicious activities.”
Urgent Call to Action: Patch and Secure
In response to these ongoing threats, users of Aviatrix Controller are urged to apply the patches immediately and to restrict network access so that controllers are not reachable from the public internet. Aviatrix had already issued a hot patch in November for several software versions, some of which had been out of support for nearly two years.
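A practical triage step is checking whether a given controller's version string is at or above the fixed build for its release train. The helper below is an added example for this article, not an Aviatrix tool. It encodes only the two fixed versions the article names (7.1.4191 and 7.2.4996) and treats every other train as needing confirmation against the vendor advisory, because hot patches for out-of-support releases do not necessarily change the version string. The input format `major.minor.build` is assumed from the version numbers quoted above.

```python
from typing import Tuple

# Fixed builds per release train, taken from the advisory versions quoted
# in the article: 7.1.4191 and 7.2.4996. No other trains are assumed.
FIXED_BUILDS = {(7, 1): 4191, (7, 2): 4996}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.build' into integers; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, build = (int(p) for p in parts)
    return major, minor, build


def patch_status(version: str) -> str:
    """Classify a controller version against CVE-2024-50603 fixed builds.

    The comparison is done per train: 7.2.4000 sorts 'higher' than 7.1.4191
    but is still vulnerable, because the 7.2 train was fixed at 7.2.4996.
    """
    major, minor, build = parse_version(version)
    train = (major, minor)
    if train in FIXED_BUILDS:
        return "patched" if build >= FIXED_BUILDS[train] else "vulnerable"
    if train < (7, 1):
        # Older trains received hot patches without a fixed version the
        # article names; the version string alone cannot prove the fix.
        return "out-of-support: confirm vendor hot patch applied"
    # Assumption: any train newer than 7.2 is not covered by the article.
    return "newer train: confirm against vendor advisory"


if __name__ == "__main__":
    # Constructed sample inventory of controller versions.
    for v in ["7.1.4190", "7.1.4191", "7.2.4000", "7.2.4996", "7.0.2000"]:
        print(f"{v:10s} -> {patch_status(v)}")
```

The point of the per-train table is the 7.2.4000 case: a naive tuple comparison against the lowest fixed version (7.1.4191) would report it as patched when it is not.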
Aviatrix’s Commitment to Security
Beyond releasing the patch, Aviatrix has engaged in extensive outreach to ensure that its customers apply the updates. “Our goal was 100% coverage, and we were gratified to see a significant portion of our customer base patched and hardened before we disclosed the vulnerability publicly on January 7th,” Aviatrix stated. The company continues to work closely with affected customers to restore their software to a secure state.
This incident underscores the critical need for ongoing vigilance and proactive security measures in protecting cloud environments. As cloud technologies become increasingly integral to corporate infrastructure, the responsibility to safeguard them against evolving cybersecurity threats grows. Enterprises are encouraged to stay ahead of potential threats by maintaining up-to-date software and adhering to best security practices.