CVE-2024-50603
BaseFortify

Publication date: 2025-01-08

Last updated on: 2025-11-05

Assigner: MITRE

Description
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
Meta Information
Published: 2025-01-08
Last Modified: 2025-11-05
Generated: 2026-06-23
AI Q&A: 2025-01-08
EPSS Evaluated: 2026-06-21
NVD
Affected Vendors & Products (2 associated CPEs)

Vendor     Product      Version / Range
aviatrix   controller   to 7.1.4191 (exc)
aviatrix   controller   from 7.2 (inc) to 7.2.4996 (exc)
CWE

CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
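The CWE-78 pattern above, shown side by side with its hardened form, as an added example that is not Aviatrix or BaseFortify code. The parameter name `cloud_type` comes from the advisory; the command path, the allow-list of cloud types and the helper names are assumptions made for the illustration. The unsafe builder only returns the string it would hand to a shell, so nothing is executed:

```python
"""CWE-78: building an OS command from a request parameter.

Added example, not Aviatrix code. `cloud_type` is the parameter named in the
advisory; the command, allow-list and helper names are assumptions.
"""
import re
import shlex

# Assumed allow-list of values the application actually expects (constructed).
ALLOWED_CLOUD_TYPES = {"aws", "azure", "gcp", "oci"}

# Characters that carry special meaning for a POSIX shell.
SHELL_METACHAR_RE = re.compile(r"[;&|`$<>(){}\[\]\\'\"\n\r]")


def has_shell_metachars(value: str) -> bool:
    """True if the value contains any shell metacharacter."""
    return SHELL_METACHAR_RE.search(value) is not None


def build_command_unsafe(cloud_type: str) -> str:
    """The CWE-78 pattern: untrusted input concatenated into a shell string.

    Returns the string instead of running it; the point is that the
    metacharacters pass straight through into what the shell would parse.
    """
    return f"/usr/bin/lookup_instances --cloud {cloud_type}"


def build_command_quoted(cloud_type: str) -> str:
    """Partial mitigation when a shell string is unavoidable: quote the value.

    shlex.quote wraps the value so the shell treats it as one literal word.
    """
    return f"/usr/bin/lookup_instances --cloud {shlex.quote(cloud_type)}"


def build_command_safe(cloud_type: str) -> list[str]:
    """Preferred form: allow-list the value, then build an argv list.

    An argv list run with subprocess.run(argv) (shell=False, the default) is
    never parsed by a shell, so metacharacters cannot alter the command even
    if the allow-list were later relaxed.
    """
    if cloud_type not in ALLOWED_CLOUD_TYPES:
        raise ValueError(f"unsupported cloud_type: {cloud_type!r}")
    return ["/usr/bin/lookup_instances", "--cloud", cloud_type]


if __name__ == "__main__":
    # Constructed input containing a shell metacharacter.
    sample = "aws; echo marker"
    print("metachars present:", has_shell_metachars(sample))
    print("unsafe :", build_command_unsafe(sample))
    print("quoted :", build_command_quoted(sample))
    try:
        build_command_safe(sample)
    except ValueError as exc:
        print("safe   : rejected ->", exc)
    print("safe   :", build_command_safe("aws"))
```

The allow-list is the control that actually addresses the weakness: values outside a small, known set are rejected before any command is built, and the argv form removes the shell from the path entirely. Quoting alone still depends on every call site remembering to quote, which is why it is shown as the fallback rather than the fix.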
Executive Summary

CVE-2024-50603 is a serious security issue in certain versions of the Aviatrix Controller software. It allows an attacker who has not authenticated to execute arbitrary code on the system. The cause is that the software does not properly validate or neutralize certain inputs before using them in an OS command, so an attacker can send harmful commands through the system's API.

Impact Analysis

If you use the affected Aviatrix Controller software, this vulnerability could allow an attacker to take control of your system remotely. They could access sensitive information or manipulate your network settings, which could lead to data breaches or service disruptions.

Compliance Impact

This vulnerability could put your organization at risk of non-compliance with regulations like GDPR and HIPAA. If an attacker exploits this vulnerability and accesses sensitive personal or health information, it could lead to data breaches, which are serious violations of these regulations. Organizations could face legal penalties and damage to their reputation.

Detection Guidance

To detect this vulnerability, check whether your Aviatrix Controller is running a version before 7.1.4191 or between 7.2.0 and 7.2.4820. You can also monitor for unusual requests to the API that may indicate exploitation attempts, such as requests whose 'cloud_type' or 'src_cloud_type' parameter contains shell metacharacters or embedded commands.
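The two checks described above, a version comparison and a scan of API requests for shell metacharacters in the named parameters, as an added example that is not BaseFortify or Aviatrix code. The fixed-version boundaries (7.1.4191 and 7.2.4996) and the parameter names are taken from the Description and CPE table on this page; the access-log format, the `action` query key and the sample lines are constructed for the example, and the helper names are assumptions:

```python
"""Detection helpers for CVE-2024-50603.

Added example, not BaseFortify or Aviatrix code. Version boundaries and the
parameter names come from the advisory; the log format, the `action` key and
the sample lines are constructed; helper names are assumptions.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# From the Description / CPE table: affected if v < 7.1.4191, or 7.2.0 <= v < 7.2.4996.
FIX_71 = (7, 1, 4191)
FIX_72 = (7, 2, 4996)

# Parameters named in the advisory as reaching an OS command.
SUSPECT_PARAMS = {"cloud_type", "src_cloud_type"}
SHELL_METACHAR_RE = re.compile(r"[;&|`$<>(){}\\'\"\n\r]")

# Constructed request-line pattern for a combined-style access log.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (not real traffic). Line 4 is a POST whose
# parameters travel in the body, which this log format does not record.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [08/Jan/2025:10:00:00 +0000] "GET /v1/api?action=list_flightpath_destination_instances&cloud_type=aws HTTP/1.1" 200 512',
    '10.0.0.9 - - [08/Jan/2025:10:00:03 +0000] "GET /v1/api?action=list_flightpath_destination_instances&cloud_type=aws%3Becho%20marker HTTP/1.1" 200 88',
    '10.0.0.9 - - [08/Jan/2025:10:00:07 +0000] "GET /v1/api?action=flightpath_connection_test&src_cloud_type=gcp%7Cecho HTTP/1.1" 200 88',
    '10.0.0.7 - - [08/Jan/2025:10:00:09 +0000] "POST /v1/api HTTP/1.1" 200 1024',
]


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.build' into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)  # type: ignore[return-value]


def is_affected_version(text: str) -> bool:
    """True if the version falls in an affected range from the advisory."""
    v = parse_version(text)
    if v[:2] == (7, 2):
        return v < FIX_72
    return v < FIX_71


def suspicious_params(target: str) -> list[dict]:
    """Return suspect parameter values on /v1/api that contain shell metacharacters."""
    parts = urlsplit(target)
    if parts.path != "/v1/api":
        return []
    hits = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in SUSPECT_PARAMS:
            continue
        for value in values:
            decoded = unquote(value)  # second pass catches double-encoded values
            m = SHELL_METACHAR_RE.search(decoded)
            if m:
                hits.append({"param": name, "value": decoded, "metachar": m.group(0)})
    return hits


def scan_access_log(lines) -> list[dict]:
    """Scan log lines and return one finding per suspect parameter value."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for hit in suspicious_params(m.group("target")):
            hit["line"] = lineno
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for ver in ("7.1.4190", "7.1.4191", "7.2.4995", "7.2.4996", "7.3.1"):
        print(ver, "affected" if is_affected_version(ver) else "not affected")
    for f in scan_access_log(SAMPLE_LOG_LINES):
        print(f"line {f['line']}: {f['param']}={f['value']!r} contains {f['metachar']!r}")
```

Two caveats follow from the sample. The fourth line shows that a request carrying its parameters in a POST body leaves nothing to inspect in a standard access log, so this check needs request-body logging, a reverse proxy that records form fields, or inspection at the controller itself to be complete. The decoding step matters as well: the advisory's metacharacters arrive percent-encoded on the wire, so a rule that matches raw log text for `;` or `|` will miss them.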

Mitigation Strategies

To mitigate this vulnerability, update your Aviatrix Controller immediately to a version that includes the security patch. Additionally, review your network security settings to restrict who can reach the controller's API, and monitor it for suspicious activity.
