info@thehackernews.com (The Hacker News)
2025-01-13 08:33:00
thehackernews.com
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners.
Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in unauthenticated remote code execution.
Put differently, successful exploitation of the flaw could permit an attacker to inject malicious operating system commands because certain API endpoints do not adequately sanitize user-supplied input. The vulnerability has been addressed in versions 7.1.4191 and 7.2.4996.
Jakub Korepta, a security researcher at Polish cybersecurity company Securing, has been credited with discovering and reporting the shortcoming. A proof-of-concept (PoC) exploit has since been made publicly available.
Data gathered by the cybersecurity company shows that around 3% of cloud enterprise environments have Aviatrix Controller deployed, of which 65% demonstrate a lateral movement path to administrative cloud control plane permissions. This, in turn, allows for privilege escalation in the cloud environment.
“When deployed in AWS cloud environments, Aviatrix Controller allows privilege escalation by default, making exploitation of this vulnerability a high-impact risk,” Wiz researchers Gal Nagli, Merav Bar, Gili Tikochinski, and Shaked Tanchuma said.
Real-world attacks exploiting CVE-2024-50603 are leveraging the initial access to target instances to mine cryptocurrency using XMRig and to deploy the Sliver command-and-control (C2) framework, likely for persistence and follow-on exploitation.
“While we have yet to see direct evidence of cloud lateral movement, we do believe it likely that threat actors are utilizing the vulnerability to enumerate the cloud permissions of the host and then pivot to exfiltrating data from the victims’ cloud environments,” Wiz researchers said.
In light of active exploitation, users are advised to apply the patches as soon as possible and to prevent public access to Aviatrix Controller.
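The two recommendations above, patching and removing public access, can be turned into a quick inventory triage. The sketch below is an added example, not code from Wiz, Aviatrix, or the original article. It assumes versions are recorded as "major.minor.build" strings, and the inventory names and the public-exposure flag are hypothetical.

```python
import re
from typing import NamedTuple

# Fixed build per release branch, as stated in the article.
FIXED_BUILDS = {(7, 1): 4191, (7, 2): 4996}

class Controller(NamedTuple):
    name: str      # hypothetical inventory label
    version: str   # assumed "major.minor.build" string
    public: bool   # True if the controller is reachable from the internet

def patch_status(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip(), re.ASCII)
    if m is None:
        return "unknown"  # unparseable: do not guess
    major, minor, build = map(int, m.groups())
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return "unknown"  # branch not named in the article
    return "patched" if build >= fixed else "vulnerable"

def triage(inventory):
    """Return (name, status, actions) tuples, most urgent first."""
    rows = []
    for c in inventory:
        status = patch_status(c.version)
        actions = []
        if status == "vulnerable":
            actions.append("upgrade to the fixed build for this branch")
        elif status == "unknown":
            actions.append("confirm fix status against the vendor advisory")
        if c.public:
            actions.append("remove public access to the controller")
        rows.append((c.name, status, actions, c.public))
    rank = {"vulnerable": 0, "unknown": 1, "patched": 2}
    rows.sort(key=lambda r: (rank[r[1]], not r[3]))
    return [(n, s, a) for n, s, a, _ in rows]

# Constructed sample inventory (names and versions are illustrative only).
SAMPLE = [
    Controller("ctrl-prod", "7.1.4191", True),
    Controller("ctrl-dev", "7.2.4820", False),
    Controller("ctrl-edge", "7.1.4105", True),
    Controller("ctrl-lab", "6.8.1400", False),
]

if __name__ == "__main__":
    for name, status, actions in triage(SAMPLE):
        print(f"{name:10} {status:10} {'; '.join(actions) or 'none'}")
```

Branches other than 7.1 and 7.2 are reported as unknown because the article names fixed builds only for those two.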