Cloud Security

Attackers Exploit Aviatrix Controller Flaw In The Wild

Threat actors are actively exploiting CVE-2024-50603, a now-addressed maximum-severity remote code execution flaw, against vulnerable Aviatrix Controllers to achieve cryptojacking and backdoor compromise, SC Media reports.

Wiz researchers said that nearly 3% of cloud enterprise environments use Aviatrix Controllers to manage multi-cloud environments, and that 65% of those had lateral movement to admin control plane permissions, presenting a significant risk of privilege escalation following initial compromise.

Former National Security Agency cyber expert Evan Dornbush also noted that attackers could potentially exploit the API endpoint issue to facilitate not only proprietary data compromise and denial-of-service, but also malware delivery and total server breaches.

The vulnerability's threat to organizational data has also been echoed by Opus Security co-founder and CEO Meny Har: "With regards to patching, a patch has indeed been made available to address this vulnerability. However, the urgency now is for security teams to implement this patch across all affected environments promptly. Since there’s evidence of this vulnerability being actively exploited, the associated risks significantly increase and this necessitates immediate action to secure the impacted environments."
