Aviatrix, a provider of cloud networking services, disclosed a critical vulnerability in its Aviatrix Controller product, tracked as CVE-2024-50603: an unauthenticated OS command injection in the Controller's API, rated CVSS 10.0, in which user-supplied parameter values reach a shell command without sanitization. The flaw was exploited in the wild to plant backdoors and run cryptocurrency miners. Successful exploitation gives the attacker command execution on the Controller itself and, because the Controller is typically deployed in AWS with broad IAM permissions, a path to privilege escalation into the surrounding AWS cloud environment. Given how widely Aviatrix Controllers are deployed in enterprise cloud settings, the impact is considerable. The attackers deployed XMRig for cryptojacking and Sliver implants for persistence, with a real possibility of lateral movement within the cloud account and data exfiltration. The fixed builds are 7.1.4191 and 7.2.4996; a Controller on an earlier build that was reachable during the exploitation window should be investigated for compromise, not only patched.
Source: https://securityaffairs.com/173037/cyber-crime/aviatrix-controller-flaw-active-exploitation.html
TPRM report: https://scoringcyber.rankiteo.com/company/aviatrix-systems
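As an added example that is not part of the original record or of Aviatrix's own code: the block below shows the vulnerability class the CVE describes (an API parameter interpolated into a shell command line) next to a hardened handler, and two checks a responder would want, a build-version test against the fixed releases and a triage pass over access-log lines. The handler and action names, the allowlist, the /v1/api path and the log lines are constructed assumptions for illustration; only the fixed build numbers 7.1.4191 and 7.2.4996 come from the vendor advisory.

```python
"""Illustration of the bug class behind CVE-2024-50603 (an API parameter
reaching an OS shell unescaped) beside its hardened form, plus a version
check and a log-triage pass. Handler and endpoint names, the allowlist
and the log lines are constructed for this example; not Aviatrix code."""
import re
import subprocess
from urllib.parse import unquote

# Hypothetical allowlist of cloud identifiers the endpoint is meant to accept.
ALLOWED_CLOUD_TYPES = {"aws", "azure", "gcp"}

# Fixed Controller builds named in the vendor advisory.
FIXED_7_1 = (7, 1, 4191)
FIXED_7_2 = (7, 2, 4996)


def list_destinations_vulnerable(cloud_type: str) -> str:
    """Vulnerable pattern: the request parameter is interpolated into a shell
    command line, so ';', '|', '`' and '$(' in the value get executed.
    `echo` stands in for whatever helper the real endpoint would invoke."""
    cmd = f"echo listing destinations for cloud_type={cloud_type}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def list_destinations_hardened(cloud_type: str) -> str:
    """Hardened form: reject anything outside the allowlist, then exec with an
    argument vector and no shell, so the value is passed through verbatim."""
    if cloud_type not in ALLOWED_CLOUD_TYPES:
        raise ValueError(f"rejected cloud_type {cloud_type!r}")
    cmd = ["echo", "listing destinations for", f"cloud_type={cloud_type}"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def hardened_rejects(cloud_type: str) -> bool:
    """True when the hardened handler refuses the value."""
    try:
        list_destinations_hardened(cloud_type)
    except ValueError:
        return True
    return False


def is_affected_version(version: str) -> bool:
    """True for builds before 7.1.4191, or 7.2.x before 7.2.4996."""
    v = tuple(int(p) for p in version.split("."))
    if v[:2] == (7, 2):
        return v < FIXED_7_2
    return v < FIXED_7_1


# Shell metacharacters that have no business in a cloud-type identifier.
SHELL_META = re.compile(r"[;|&`$(){}<>\n]")
# cloud_type or src_cloud_type values inside a logged query string.
PARAM_RE = re.compile(r"[?&](?:src_)?cloud_type=([^&\s\"]*)")


def flag_suspicious_requests(log_lines):
    """Return (line_no, decoded_value) for entries whose cloud_type or
    src_cloud_type value contains shell metacharacters after URL-decoding."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for m in PARAM_RE.finditer(line):
            value = unquote(m.group(1))
            if SHELL_META.search(value):
                hits.append((n, value))
    return hits


# Constructed access-log lines in combined format (not captured from a real
# Controller; the /v1/api path and action names are illustrative only).
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Jan/2025:10:01:02 +0000] "GET /v1/api?action=list_destinations&cloud_type=aws HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/Jan/2025:10:03:44 +0000] "GET /v1/api?action=list_destinations&cloud_type=aws%3Bid HTTP/1.1" 200 640',
    '203.0.113.9 - - [07/Jan/2025:10:03:51 +0000] "GET /v1/api?action=connection_test&src_cloud_type=aws%60whoami%60 HTTP/1.1" 200 601',
    '10.0.0.7 - - [07/Jan/2025:10:05:10 +0000] "GET /v1/api?action=list_destinations&cloud_type=gcp HTTP/1.1" 200 498',
]


if __name__ == "__main__":
    print(list_destinations_vulnerable("aws; echo INJECTED"), end="")
    print(list_destinations_hardened("aws"), end="")
    print("hardened rejects injection:", hardened_rejects("aws; echo INJECTED"))
    for build in ("7.1.4000", "7.1.4191", "7.2.4995", "7.2.4996"):
        print(build, "affected" if is_affected_version(build) else "fixed")
    print(flag_suspicious_requests(SAMPLE_LOG))
```

The two controls in the hardened handler are independent: the allowlist stops unexpected values at the API boundary, and the argument-vector call means that even a value which slipped past validation would be handed to the child process as a single argument rather than parsed by a shell. The log pass is deliberately narrow (only the two parameters, only after URL-decoding) so it can be run over a large archive without drowning in noise; widen the parameter regex to cover the rest of the API once the known-bad requests have been pulled out.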
{
  "id": "avi000011525",
  "linkid": "aviatrix-systems",
  "type": "Vulnerability",
  "date": "1/2025",
  "severity": "100",
  "impact": "3",
  "explanation": "Attack with significant impact: backdoor persistence and cryptomining on the Controller, with potential for cloud lateral movement and data exfiltration"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Aviatrix',
                        'type': 'Cloud Networking Services Provider'}],
 'attack_vector': 'Critical Vulnerability Exploitation',
 'description': 'Aviatrix, a provider of cloud networking services, experienced a critical vulnerability in their Aviatrix Controller product, identified as CVE-2024-50603. This flaw was exploited by malicious actors to orchestrate backdoor and cryptocurrency mining operations. The exploitation led to unauthorized command execution and potential privilege escalation within AWS cloud environments. Given that Aviatrix Controllers are deployed in many cloud enterprise settings, the impact of this security breach is considerable. The attackers employed XMRig for cryptojacking activities and deployed Sliver backdoors for persistence, with a real possibility of cloud lateral movement and data exfiltration.',
 'impact': {'systems_affected': 'AWS cloud environments'},
 'initial_access_broker': {'backdoors_established': 'Sliver backdoors',
                           'entry_point': 'CVE-2024-50603',
                           'high_value_targets': ['AWS cloud environments']},
 'motivation': ['Cryptocurrency Mining', 'Backdoor Persistence'],
 'post_incident_analysis': {'root_causes': 'Critical Vulnerability CVE-2024-50603'},
 'title': 'Aviatrix Controller Cryptojacking and Backdoor Exploitation',
 'type': 'Cryptojacking and Backdoor Exploitation',
 'vulnerability_exploited': 'CVE-2024-50603'}