CVE-2024-50603

10.0 CRITICAL CISA KEV

📋 TL;DR

This is a critical command injection vulnerability in Aviatrix Controller that allows unauthenticated attackers to execute arbitrary operating system commands. Attackers can exploit it by sending shell metacharacters to specific API endpoints, potentially gaining full control of affected systems. Organizations running vulnerable Aviatrix Controller versions are at immediate risk.

💻 Affected Systems

Products:
  • Aviatrix Controller
Versions: before 7.1.4191, and 7.2.x before 7.2.4996
Operating Systems: All supported Aviatrix Controller platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the default API endpoints /v1/api with specific parameters (cloud_type for list_flightpath_destination_instances, src_cloud_type for flightpath_connection_test).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data exfiltration, lateral movement within the network, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Unauthenticated remote code execution allowing attackers to run arbitrary commands, potentially leading to credential theft, network reconnaissance, and further exploitation.

🟢 If Mitigated

Limited impact if proper network segmentation, web application firewalls, and intrusion detection systems are in place to block exploitation attempts.

🌐 Internet-Facing: HIGH - The vulnerability is exploitable via unauthenticated API calls, making internet-facing controllers extremely vulnerable to automated attacks.
🏢 Internal Only: HIGH - Even internally accessible controllers are at high risk due to the unauthenticated nature of the vulnerability and potential for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation. The unauthenticated nature and command injection pattern make exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.1.4191 or later for 7.1.x branch, 7.2.4996 or later for 7.2.x branch

Vendor Advisory: https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download the patched version from the Aviatrix support portal.
3. Follow the Aviatrix upgrade documentation for your deployment type.
4. Apply the patch and restart the controller.
5. Verify functionality post-upgrade.

🔧 Temporary Workarounds

Network Access Control


Restrict access to the Aviatrix Controller API endpoints to only trusted IP addresses or networks.

Use firewall rules to restrict access to port 443 (or your controller API port) to authorized IPs only

Web Application Firewall


Deploy a WAF with command injection protection rules to block exploitation attempts.

Configure WAF rules to detect and block shell metacharacters in API parameters

🧯 If You Can't Patch

  • Immediately isolate affected controllers from internet access and restrict internal network access
  • Implement strict network segmentation and monitor all traffic to/from Aviatrix controllers

🔍 How to Verify

Check if Vulnerable:

Check Aviatrix Controller version via web interface or CLI. If version is below 7.1.4191 (for 7.1.x) or below 7.2.4996 (for 7.2.x), the system is vulnerable.

Check Version:

From Aviatrix Controller CLI: 'show version' or check via web interface under Settings > Controller

Verify Fix Applied:

After patching, verify the version shows 7.1.4191+ or 7.2.4996+. Test API functionality to ensure no regression.

📡 Detection & Monitoring

Log Indicators:

  • Unusual API requests to /v1/api with shell metacharacters in parameters
  • Unexpected process execution from controller services
  • Failed authentication attempts followed by API exploitation

Network Indicators:

  • Unusual outbound connections from controller to external IPs
  • Traffic patterns indicating command and control activity
  • Spike in requests to vulnerable API endpoints

SIEM Query:

source="aviatrix-controller" AND (uri_path="/v1/api" AND (param="cloud_type" OR param="src_cloud_type") AND (value="*;*" OR value="*|*" OR value="*`*" OR value="*$(*"))
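The SIEM query above only matches metacharacters that appear literally in the logged value; a request that URL-encodes the semicolon (`%3B`) or double-encodes it is missed by a plain wildcard match. The Python below is an added example, not part of this advisory and not Aviatrix's tooling: it parses access-log lines in a common combined format (an assumption; adjust the regex to your proxy or controller log), decodes the query string, and flags requests to /v1/api whose cloud_type or src_cloud_type value carries shell metacharacters. The log lines are constructed for illustration. If the controller receives these parameters in a POST body, request-body logging is required for this check to see them.

```python
"""Detect CVE-2024-50603-style requests in web access logs.

Added example (not from the advisory or from Aviatrix). Log format and
sample lines are constructed assumptions.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Parameters the advisory names as the injection points.
SUSPECT_PARAMS = {"cloud_type", "src_cloud_type"}

# Shell metacharacters from the advisory's SIEM query, plus '&' and newline,
# which command-injection filters normally cover as well.
META = re.compile(r"[;|`&\n]|\$\(")

# Request line inside a combined-format access log entry (assumed format).
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Jan/2025:12:00:01 +0000] "GET /v1/api?action=list_flightpath_destination_instances&cloud_type=1 HTTP/1.1" 200 2048',
    '198.51.100.23 - - [10/Jan/2025:12:00:07 +0000] "GET /v1/api?action=list_flightpath_destination_instances&cloud_type=1%3Btrue HTTP/1.1" 200 512',
    '203.0.113.10 - - [10/Jan/2025:12:00:09 +0000] "GET /login?user=admin%3Bx HTTP/1.1" 302 0',
    '198.51.100.23 - - [10/Jan/2025:12:00:15 +0000] "GET /v1/api?action=flightpath_connection_test&src_cloud_type=%2524%2528true%2529 HTTP/1.1" 200 512',
]


def suspicious_params(request_target: str) -> dict:
    """Return {param: decoded_value} for suspect parameters carrying metacharacters.

    Only the /v1/api path is considered. parse_qs decodes one layer of
    percent-encoding; a second unquote_plus catches double-encoded payloads.
    """
    parsed = urlsplit(request_target)
    if parsed.path != "/v1/api":
        return {}
    hits = {}
    for name, values in parse_qs(parsed.query, keep_blank_values=True).items():
        if name not in SUSPECT_PARAMS:
            continue
        for value in values:
            decoded = unquote_plus(value)
            if META.search(decoded):
                hits[name] = decoded
    return hits


def scan_log(lines) -> list:
    """Return (line_number, method, hits) for every log line that trips the check."""
    alerts = []
    for number, line in enumerate(lines, start=1):
        match = REQ.search(line)
        if not match:
            continue  # not a request line we understand; skip
        hits = suspicious_params(match.group("target"))
        if hits:
            alerts.append((number, match.group("method"), hits))
    return alerts


if __name__ == "__main__":
    for number, method, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: {method} /v1/api suspicious params {hits}")
```

Legitimate cloud_type values are small integers, so a stricter variant would alert on any value that is not purely numeric rather than enumerating metacharacters; the metacharacter list above mirrors the page's SIEM query so the two can be compared directly.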

🔗 References
