Vulnerability Exploited in Aviatrix Controller
A critical vulnerability (CVE-2024-50603) has been discovered in Aviatrix Controller, a popular cloud networking platform often used in Amazon Web Services (AWS). This vulnerability allows for remote code execution (RCE) and has been actively exploited in the wild, with attackers deploying backdoors and cryptocurrency miners on compromised systems.
The Aviatrix Controller vulnerability is particularly concerning because many deployments in Amazon Web Services (AWS) allow for privilege escalation. If an attacker successfully exploits the vulnerability, they may be able to gain root-level access to the system, significantly increasing their impact and control.
Aviatrix released security advisories and patches to address the vulnerability.
Manner of attack
The vulnerability stems from a weakness in how Aviatrix Controller's Application Programming Interface (API) handles requests. Attackers can craft malicious requests that take advantage of improper data validation and input sanitization within the API. These requests can then be used to execute arbitrary code on the underlying system, giving attackers control over the compromised environment.
This control allows attackers to perform a range of malicious activities, including:
- Deploying malware: Installing and executing malicious software, such as ransomware, spyware, or crypto miners.
- Stealing data: Exfiltrating sensitive data, including credentials, intellectual property, and customer information.
- Disrupting operations: Interfering with network connectivity, compromising services, or causing system outages.
- Establishing persistence: Installing backdoors or other mechanisms to maintain persistent access to the compromised system, allowing for future exploitation or further malicious activity.
Our guidance
Organizations utilizing Aviatrix Controller must take immediate action to mitigate this critical threat:
- Apply patches: Immediately apply the latest security patches released by Aviatrix (versions 7.1.4191 and 7.2.4996) that address the vulnerability.
- Restrict access: Implement strict access controls to the Aviatrix Controller. If possible, restrict public access to the Controller's API (port 443) to only authorized sources.
- Monitor systems: Closely monitor systems for any signs of suspicious activity, such as unusual network traffic, unauthorized access attempts, or unexpected changes to system configurations.
- Stay updated: Regularly check the Aviatrix security advisories and release notes for any new updates, patches, or mitigations related to this or other vulnerabilities.
How we help
ACA Aponix® can help your firm build your cybersecurity program to strengthen your line of defense against cyberattacks. Our services include:
- Aponix Protect™ is a cybersecurity and technology risk solution that helps you build a comprehensive risk management program tailored to your business needs.
- ACA Vantage for Cyber offers comprehensive cyber health monitoring for portfolio companies. It combines advisory services, ComplianceAlpha® technology, and RealRisk assessments to provide insights, mitigate risks, and enhance your competitive edge.
- Aponix Business Continuity Plan (BCP) Assessment provides a comprehensive evaluation of your organization’s current preparedness for disruptions. It identifies critical business functions, assesses potential risks, and offers actionable recommendations to strengthen resilience.
Reach out to your ACA consultant or contact us to find out how ACA can help secure your firm against cyber threats and comply with regulatory expectations.