A recently disclosed critical security flaw affecting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners.
Cloud security firm Wiz said it is currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum-severity bug that could lead to unauthenticated remote code execution.
Put differently, successful exploitation of the flaw could allow an attacker to inject malicious operating system commands because certain API endpoints do not adequately sanitize user-supplied input. The vulnerability has been addressed in versions 7.1.4191 and 7.2.4996.
Jakub Korepta, a security researcher at Polish cybersecurity firm Securing, has been credited with discovering and reporting the shortcoming. A proof-of-concept (PoC) exploit has since been made publicly available.
Data gathered by the cybersecurity firm shows that around 3% of cloud enterprise environments have Aviatrix Controller deployed, and in 65% of those it presents a lateral movement path to administrative cloud control plane permissions. This, in turn, allows for privilege escalation within the cloud environment.
"When deployed in AWS cloud environments, Aviatrix Controller allows privilege escalation by default, making exploitation of this vulnerability a high-impact risk," Wiz researchers Gal Nagli, Merav Bar, Gili Tikochinski, and Shaked Tanchuma said.
Real-world attacks exploiting CVE-2024-50603 are leveraging the initial access to targeted instances to mine cryptocurrency using XMRig and to deploy the Sliver command-and-control (C2) framework, likely for persistence and follow-on exploitation.
"While we have yet to see direct evidence of cloud lateral movement, we do consider it likely that threat actors are using the vulnerability to enumerate the cloud permissions of the host and then pivot to exfiltrating data from the victims' cloud environments," Wiz researchers said.
In light of active exploitation, customers are recommended to apply the patches as soon as possible and prevent public access to Aviatrix Controller.
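As an added triage helper (not code from the article, Wiz or Aviatrix), the following checks an inventory of Aviatrix Controller version strings against the two fixed builds the article names; it assumes each fixed build covers its own 7.1.x or 7.2.x release line and reports every other line as "unknown" rather than guessing.

```python
# Added example, not from the article or the vendor: classify Aviatrix
# Controller versions against the fixed releases named for CVE-2024-50603.
# Assumption: 7.1.4191 fixes the 7.1.x line and 7.2.4996 fixes the 7.2.x line;
# any other release line is reported as "unknown" for a reviewer to confirm
# against the vendor advisory instead of being assumed safe or vulnerable.
from typing import Dict, Tuple

FIXED_BUILDS = {
    (7, 1): 4191,   # 7.1.4191, as stated in the article
    (7, 2): 4996,   # 7.2.4996, as stated in the article
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.build' into integers; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Aviatrix Controller version: {version!r}")
    major, minor, build = (int(p) for p in parts)
    return major, minor, build


def patch_status(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for CVE-2024-50603."""
    major, minor, build = parse_version(version)
    fixed_build = FIXED_BUILDS.get((major, minor))
    if fixed_build is None:
        # Release line not named in the article (e.g. 7.0.x): do not guess.
        return "unknown"
    return "patched" if build >= fixed_build else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each controller name to its patch status."""
    return {host: patch_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = {
        "ctrl-prod-1": "7.1.4190",
        "ctrl-prod-2": "7.1.4191",
        "ctrl-dev-1": "7.2.5001",
        "ctrl-legacy": "7.0.2100",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Controllers reported as "vulnerable" or "unknown" should also be checked for public exposure, since the article's second recommendation is to remove public access regardless of patch level.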