Known Exploited Vulnerabilities CVE-2024-50603

Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-50603 | Aviatrix Controllers OS Command Injection Vulnerability | exploitation_technique | T1055 | Process Injection | |
| CVE-2024-50603 | Aviatrix Controllers OS Command Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | |

Comments (both mappings)
Due to improper handling of user input, an attacker can insert shell metacharacters into specific parameters, permitting the execution of arbitrary commands.