A critical vulnerability in Aviatrix Controller, a product of the cloud networking provider Aviatrix, is tracked as CVE-2024-50603. Malicious actors exploited the flaw to deploy backdoors and run cryptocurrency mining operations. Exploitation led to unauthorized command execution and potential privilege escalation within AWS cloud environments. Because Aviatrix Controllers are deployed in many enterprise cloud environments, the impact of this security breach is considerable. The attackers used XMRig for cryptojacking and deployed Sliver backdoors for persistence, with a real possibility of lateral movement within the cloud and data exfiltration.
Source: https://securityaffairs.com/173037/cyber-crime/aviatrix-controller-flaw-active-exploitation.html
"id": "avi000011525",
"linkid": "aviatrix-systems",
"type": "Vulnerability",
"date": "1/2025",
"severity": "100",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"