← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-50603 — Actively Exploited: Controllers (Aviatrix)

Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.

CVE IDCVE-2024-50603
VendorAviatrix
ProductControllers
Vulnerability nameAviatrix Controllers OS Command Injection Vulnerability
Date added2025-01-16
Remediation due2025-02-06
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionAviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →