CVE-2024-50603

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · RCE

Published: 08 January 2025
Modified: 05 November 2025
KEV Added: 16 January 2025
Patch
CVSS Score v3.1: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.9436 (100.0th percentile)
Risk Priority: 97 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-50603 is a critical-severity OS Command Injection (CWE-78) vulnerability in Aviatrix Controller. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Aviatrix Controller versions prior to 7.1.4191 and 7.2.x prior to 7.2.4996 contain a command injection vulnerability (CWE-78) caused by improper neutralization of special elements in OS commands. The flaw resides in the /v1/api endpoint, where the cloud_type parameter of the list_flightpath_destination_instances action and the src_cloud_type parameter of the flightpath_connection_test action accept unfiltered input that is passed directly to the underlying operating system.

An unauthenticated remote attacker can supply shell metacharacters in either parameter to execute arbitrary commands on the controller with full privileges. Successful exploitation yields complete control over the affected appliance, including the ability to read, modify, or delete data and to pivot into connected cloud networks. This is consistent with the CVSS 10.0 rating, which reflects a network attack vector, low attack complexity, and no required credentials or user interaction.

Vendor advisories direct customers to upgrade immediately to the fixed releases and note that the patches address the command-injection vectors in the flightpath API handlers. The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, and its EPSS score has reached 0.9436, indicating substantial observed exploitation interest.

Vulnerability details

An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.

CWE(s)
KEV Date Added: 16 January 2025

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated command injection in the public-facing Aviatrix Controller API directly enables T1190 (Exploit Public-Facing Application) for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-1731 · Shared CWE-78 · both on KEV
CVE-2025-48703 · Shared CWE-78 · both on KEV
CVE-2024-40890 · Shared CWE-78 · both on KEV
CVE-2025-58034 · Shared CWE-78 · both on KEV
CVE-2025-11953 · Shared CWE-78 · both on KEV
CVE-2025-66644 · Shared CWE-78 · both on KEV
CVE-2025-9377 · Shared CWE-78 · both on KEV
CVE-2025-54948 · Shared CWE-78 · both on KEV
CVE-2026-25108 · Shared CWE-78 · both on KEV
CVE-2025-1316 · Shared CWE-78 · both on KEV

Affected Assets

aviatrix
controller
≤ 7.1.4191 · 7.2 — 7.2.4996

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly mitigates the command injection vulnerability by requiring timely flaw remediation through upgrading to fixed Aviatrix Controller versions 7.1.4191 or 7.2.4996.

prevent

Prevents exploitation by implementing input validation at vulnerable API endpoints to neutralize shell metacharacters in cloud_type and src_cloud_type parameters before OS command execution.

detect

Facilitates early identification of CVE-2024-50603 via regular vulnerability scanning, enabling remediation before exploitation.
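
An added example (not Aviatrix's code and not taken from the vendor patch) of the input-validation control described above, written as an allowlist check that a reverse proxy or log pipeline could apply to form-encoded /v1/api request bodies. It assumes the action arrives in an `action` field and that legitimate cloud_type and src_cloud_type values are short decimal integers; the sample requests are constructed.

```python
"""Allowlist check for the two /v1/api parameters named in CVE-2024-50603."""
import re
from urllib.parse import parse_qs

# (action -> parameter) pairs named in the vulnerability description.
WATCHED = {
    "list_flightpath_destination_instances": "cloud_type",
    "flightpath_connection_test": "src_cloud_type",
}

# Assumption: a legitimate cloud-type value is a short decimal integer.
SAFE_VALUE = re.compile(r"[0-9]{1,5}")


def check_request(path: str, body: str) -> list[str]:
    """Return findings for one request; an empty list means it passed."""
    if path.rstrip("/") != "/v1/api":
        return []
    # parse_qs percent-decodes values, so encoded metacharacters are seen
    # in clear; keep_blank_values makes an empty parameter visible too.
    params = parse_qs(body, keep_blank_values=True)
    findings = []
    for action in params.get("action", []):
        name = WATCHED.get(action)
        if name is None:
            continue
        # Inspect every occurrence: a repeated parameter must not let a
        # clean first value hide a dirty second one.
        for value in params.get(name, []):
            if not SAFE_VALUE.fullmatch(value):
                findings.append(f"{action}: {name}={value!r} fails allowlist")
    return findings


# Constructed sample requests (path, form-encoded body).
SAMPLES = [
    ("/v1/api", "action=list_flightpath_destination_instances&cloud_type=1"),
    ("/v1/api", "action=flightpath_connection_test&src_cloud_type=1%3BCONSTRUCTED"),
    ("/v1/api", "action=list_flightpath_destination_instances"
                "&cloud_type=1&cloud_type=2%7CCONSTRUCTED"),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        result = check_request(path, body)
        print("BLOCK" if result else "ALLOW", body, result)
```

Rejecting anything outside the allowlist, rather than searching for known metacharacters, means newlines, backticks and other separators are refused without having to enumerate them.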