Hackers are exploiting a vulnerability in the Aviatrix console to deploy backdoors and cryptocurrency miners
A serious security vulnerability recently disclosed in the Aviatrix Controller cloud networking platform has been actively exploited in the wild to deploy backdoors and cryptocurrency miners.
Cloud security company Wiz said it is currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a critical flaw that can lead to unauthenticated remote code execution.
In other words, successful exploitation of the flaw could allow an attacker to inject malicious operating system commands, because some API endpoints do not properly sanitize user-supplied input. The vulnerability has been addressed in versions 7.1.4191 and 7.2.4996.
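The bug class described above, OS command injection through an API parameter that reaches a shell unsanitized, is easiest to understand side by side with its fix. The following is an added, hypothetical illustration written for this article; it is not Aviatrix code, does not reproduce the vulnerable endpoint, and the `ping` command, the `target` parameter and the sample inputs are all constructed for the example. It shows the vulnerable pattern (string concatenation into a shell command line), an intermediate defence (`shlex.quote`), and the preferred fix (allow-list validation plus an argv list that never touches a shell).

```python
import re
import shlex

# Allow-list for a hostname or IPv4 literal: letters, digits, dots and hyphens only.
# Anything the shell treats specially (; | & $ ` ( ) newline ...) cannot pass.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Constructed inputs: two legitimate targets and one carrying a shell metacharacter
# (the classic "; id" textbook case), used only to show what each builder does with it.
SAMPLE_INPUTS = ["host1.example.internal", "10.0.0.5", "host; id"]


def build_command_unsafe(target: str) -> str:
    """Vulnerable pattern: user input pasted into a string that will be run by a shell.

    The shell parses the whole string, so a ';' in `target` ends the ping command
    and starts a second, attacker-chosen one.
    """
    return f"ping -c 1 {target}"


def build_command_quoted(target: str) -> str:
    """Partial mitigation: shlex.quote wraps the value so the shell sees one word.

    Useful when a shell string truly cannot be avoided, but it still hands the
    input to an interpreter and offers no validation of what the value is.
    """
    return f"ping -c 1 {shlex.quote(target)}"


def is_valid_target(target: str) -> bool:
    """Allow-list check: True only for values matching HOSTNAME_RE."""
    return bool(HOSTNAME_RE.match(target))


def build_argv(target: str) -> list[str]:
    """Hardened pattern: validate against an allow-list, then build an argv list.

    Passing a list to subprocess.run(argv) (shell=False, the default) goes straight
    to execve(); no shell parses it, so metacharacters are inert even if one slipped
    past validation. Invalid input is rejected with ValueError instead of executed.
    """
    if not is_valid_target(target):
        raise ValueError(f"rejected target: {target!r}")
    return ["ping", "-c", "1", target]


def triage(inputs: list[str]) -> dict[str, list[str]]:
    """Sort inputs into those the hardened builder accepts and those it rejects."""
    result: dict[str, list[str]] = {"accepted": [], "rejected": []}
    for value in inputs:
        try:
            build_argv(value)
            result["accepted"].append(value)
        except ValueError:
            result["rejected"].append(value)
    return result


if __name__ == "__main__":
    for value in SAMPLE_INPUTS:
        print("unsafe :", build_command_unsafe(value))
        print("quoted :", build_command_quoted(value))
    print(triage(SAMPLE_INPUTS))
```

The detection and fix logic both live in `build_argv`: a request that fails the allow-list never reaches the operating system, which is exactly the sanitization step the advisory says was missing. When reviewing an API handler for this class of bug, the thing to look for is any path where a request value ends up in `subprocess.run(..., shell=True)`, `os.system`, `os.popen` or their equivalents in other languages.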
Jakub Korypta, a security researcher at the Polish cybersecurity company Securing, is credited with discovering and reporting the flaw. A proof-of-concept (PoC) exploit has since been made publicly available.
Data collected by the cybersecurity firm shows that about 3% of enterprise cloud environments have the Aviatrix Controller deployed, and in 65% of those a lateral movement path exists to administrative cloud control plane permissions, which in turn allows privilege escalation within the cloud environment.
“When deployed in AWS cloud environments, the Aviatrix Controller allows escalation of privileges by default, making exploitation of this vulnerability a high-impact risk,” said Wiz researchers Gal Nagli, Merav Bar, Gili Tikocinsky, and Shaked Tanchuma.
Real-world attacks exploiting CVE-2024-50603 use the initial access gained on targeted instances to mine cryptocurrency with XMRig and to deploy the Sliver command-and-control (C2) framework, most likely to maintain persistence and continue the exploitation.
“Although we have not yet seen direct evidence of cloud lateral movement, we believe it is likely that threat actors are using the vulnerability to enumerate host cloud permissions and then focus on stealing data from victims’ cloud environments,” Wiz researchers said.
In light of the active exploitation, users are advised to apply patches as soon as possible and block public access to the Aviatrix Controller.