Jan 11, 2025 • Wiz Security Research
Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
Executive Summary
Wiz Research has confirmed active exploitation of a critical unauthenticated Remote Code Execution (RCE) vulnerability, tracked as CVE-2024-50603, affecting Aviatrix Controllers. This security flaw allows attackers to execute arbitrary code without authentication, potentially leading to privilege escalation within the AWS control plane. The Wiz Incident Response team is currently managing multiple incidents related to this vulnerability, highlighting the immediate risk to cloud infrastructure security. Due to the severity of potential compromise, including unauthorized access to cloud management layers, organizations utilizing Aviatrix Controllers are urged to apply patches immediately. Failure to mitigate this vulnerability exposes environments to significant operational risk and a potential data breach. Security teams should prioritize vulnerability scanning and patch management processes to ensure protection against this active threat vector targeting cloud networking infrastructure.
Summary
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability that can lead to privilege escalation in the AWS control plane. Organizations should patch urgently.
Linked Entities
- CVE-2024-50603