Researchers have revealed that several cloud deployments have already been compromised due to the maximum-severity vulnerability, CVE-2024-50603, in Aviatrix Controller.
The vulnerability CVE-2024-50603 leads to remote code execution and is particularly dangerous as defaults allow privilege escalation, posing significant risks for users.
In 65% of cloud environments running Aviatrix Controller, attackers can gain admin permissions due to high IAM privileges granted by default, enabling lateral movement.
The publication of a proof-of-concept exploit just a day after the vulnerability disclosed on January 7 presents an urgency for organizations to apply necessary patches.
Collection
[
|
...
]