Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-50603 | Aviatrix Controllers OS Command Injection Vulnerability | exploitation_technique | T1055 | Process Injection |
Comments
Due to improper handling of user input, an attacker can insert shell metacharacters into specific parameters, permitting the execution of arbitrary commands.
References
|
| CVE-2024-50603 | Aviatrix Controllers OS Command Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
Due to improper handling of user input, an attacker can insert shell metacharacters into specific parameters, permitting the execution of arbitrary commands.
References
|