Critical Aviatrix Flaw Under Active Attack: Hackers Deploy Backdoors and Crypto Miners

Critical Security Vulnerability in Aviatrix Controller Under Active Exploitation

A severe security flaw (CVE-2024-50603) in Aviatrix Controller systems is being actively exploited by cybercriminals to deploy backdoors and cryptocurrency miners. The vulnerability, discovered by Jakub Korepta in October 2024, affects all versions from 7.x through 7.2.4820 of the widely used cloud networking platform.

Impact and Exploitation
The vulnerability stems from insufficient input sanitization in API actions, enabling unauthenticated attackers to execute remote commands through specially crafted API requests. According to Wiz Research, following a proof-of-concept exploit release on GitHub in January 2025, attackers are:
– Installing Sliver backdoors
– Deploying XMRig for unauthorized Monero mining
– Potentially exploring data exfiltration opportunities

Risk Assessment
While only 3% of cloud enterprise environments utilize Aviatrix Controller, the risk is significant:
– 65% of affected environments have potential lateral movement paths to administrative cloud permissions
– Compromised systems could lead to broader network access and privilege escalation

Remediation Steps
Organizations should immediately:
1. Upgrade to Aviatrix Controller version 7.1.4191 or 7.2.4996
2. Reapply patches if previously applied to older versions
3. Ensure Controller port 443 is not exposed to the internet
4. Follow recommended Controller IP access guidelines
5. Verify CoPilot is running version 4.16.1 or higher
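
A triage of a controller inventory against the steps above, as an added example that is not code from Aviatrix or Wiz. It assumes three-part numeric version strings, that later builds on a fixed branch keep the fix, and hypothetical inventory field names (`controller`, `copilot`, `port_443_public`).

```python
import re

# Version numbers come from the advisory text above; the inventory is constructed.
FIXED_BUILD = {(7, 1): 4191, (7, 2): 4996}  # fixed build per release branch
LAST_AFFECTED = (7, 2, 4820)                # top of the stated affected range
MIN_COPILOT = (4, 16, 1)

def parse_version(text):
    """Parse 'major.minor.build' (assumed format) into a tuple of ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def controller_status(version):
    """Classify a Controller version as 'fixed', 'affected' or 'unknown'."""
    parsed = parse_version(version)
    fixed = FIXED_BUILD.get(parsed[:2])
    # Check the fixed builds first: 7.1.4191 sorts below 7.2.4820, so a plain
    # range comparison would report the patched 7.1 release as affected.
    # Assumption: later builds on the same branch keep the fix.
    if fixed is not None and parsed[2] >= fixed:
        return "fixed"
    if parsed[0] == 7 and parsed <= LAST_AFFECTED:
        return "affected"
    return "unknown"  # outside what the advisory text states

def triage(host):
    """Return remediation findings for one inventory record (hypothetical fields)."""
    findings = []
    status = controller_status(host["controller"])
    if status != "fixed":
        findings.append(f"controller {host['controller']} is {status}: upgrade to 7.1.4191 or 7.2.4996")
    if host.get("port_443_public"):
        findings.append("controller port 443 is exposed to the internet")
    copilot = host.get("copilot")
    if copilot and parse_version(copilot) < MIN_COPILOT:
        findings.append(f"CoPilot {copilot} is below 4.16.1")
    return findings

INVENTORY = [  # constructed sample records
    {"name": "ctrl-a", "controller": "7.1.4191", "copilot": "4.16.1", "port_443_public": False},
    {"name": "ctrl-b", "controller": "7.2.4820", "copilot": "4.15.0", "port_443_public": True},
    {"name": "ctrl-c", "controller": "7.2.4900", "copilot": None, "port_443_public": False},
]

if __name__ == "__main__":
    for host in INVENTORY:
        print(host["name"], triage(host) or "no findings")
```

Versions reported as `unknown` fall outside the ranges stated above and should be checked against the vendor advisory rather than assumed safe.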
