{"id":14645,"date":"2025-01-17T07:19:52","date_gmt":"2025-01-17T07:19:52","guid":{"rendered":"https:\/\/sekuritasit.com\/?p=14645"},"modified":"2025-01-17T07:19:52","modified_gmt":"2025-01-17T07:19:52","slug":"aviatrix-controllers-os-command-injection-vulnerability","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/","title":{"rendered":"Aviatrix Controllers OS Command Injection Vulnerability"},"content":{"rendered":"<p>What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has been published, and Wiz Research has observed exploitation in the wild resulting in cryptojacking and backdoor deployment. Wiz | BlogWhat is the recommended Mitigation?This vulnerability impacts Aviatrix Controller in versions before 7.1.4191 and versions 7.2.x before 7.2.4996. FortiGuard recommends applying the security patch provided by Aviatrix and following any guideline mentioned on the advisory. Aviatrix PSIRT Advisories: DocumentationWhat FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor and follow instructions as mentioned on the vendor\u2019s advisory.\u00a0FortiGuard Labs has blocked all the known Indicators of Compromised (IOCs) including the Malware related to the campaign targeting CVE-2024-50603. Virus | FortiGuard LabsVirus | FortiGuard LabsThe FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard IPS protection is being reviewed, and this Threat Signal will be updated accordingly as it becomes available.<a href=\"https:\/\/fortiguard.fortinet.com\/threat-signal-report\/5982\" target=\"_blank\" class=\"feedzy-rss-link-icon\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14645","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sekuritas IT \u203a Creative solutions to unique challenges.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Aviatrix Controllers OS Command Injection Vulnerability \u203a Sekuritas IT\" \/>\n\t\t<meta property=\"og:description\" content=\"What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2025-01-17T07:19:52+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2025-01-17T07:19:52+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100086973577423\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Aviatrix Controllers OS Command Injection Vulnerability \u203a Sekuritas IT\" \/>\n\t\t<meta name=\"twitter:description\" content=\"What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/01\\\/17\\\/aviatrix-controllers-os-command-injection-vulnerability\\\/#blogposting\",\"name\":\"Aviatrix Controllers OS Command Injection Vulnerability \\u203a Sekuritas IT\",\"headline\":\"Aviatrix Controllers OS Command Injection Vulnerability\",\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"},\"datePublished\":\"2025-01-17T07:19:52+00:00\",\"dateModified\":\"2025-01-17T07:19:52+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/01\\\/17\\\/aviatrix-controllers-os-command-injection-vulnerability\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/01\\\/17\\\/aviatrix-controllers-os-command-injection-vulnerability\\\/#webpage\"},\"articleSection\":\"Uncategorized\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/01\\\/17\\\/aviatrix-controllers-os-command-injection-vulnerability\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sekuritasit.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"position\":2,\"name\":\"Uncategorized\",\"item\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/01\\\/17\\\/aviatrix-controllers-os-command-injection-vulnerability\\\/#listItem\",\"name\":\"Aviatrix Controllers OS Command Injection Vulnerability\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/01\\\/17\\\/aviatrix-controllers-os-command-injection-vulnerability\\\/#listItem\",\"position\":3,\"name\":\"Aviatrix Controllers OS Command Injection Vulnerability\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\",\"name\":\"Sekuritas IT\",\"description\":\"Creative solutions to unique challenges.\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100086973577423\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/01\\\/17\\\/aviatrix-controllers-os-command-injection-vulnerability\\\/#webpage\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/01\\\/17\\\/aviatrix-controllers-os-command-injection-vulnerability\\\/\",\"name\":\"Aviatrix Controllers OS Command Injection Vulnerability \\u203a Sekuritas IT\",\"description\":\"What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2025\\\/01\\\/17\\\/aviatrix-controllers-os-command-injection-vulnerability\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"datePublished\":\"2025-01-17T07:19:52+00:00\",\"dateModified\":\"2025-01-17T07:19:52+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"name\":\"Sekuritas IT\",\"alternateName\":\"Sekuritas\",\"description\":\"Creative solutions to unique challenges.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Aviatrix Controllers OS Command Injection Vulnerability \u203a Sekuritas IT","description":"What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has","canonical_url":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/#blogposting","name":"Aviatrix Controllers OS Command Injection Vulnerability \u203a Sekuritas IT","headline":"Aviatrix Controllers OS Command Injection Vulnerability","author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"},"datePublished":"2025-01-17T07:19:52+00:00","dateModified":"2025-01-17T07:19:52+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/#webpage"},"isPartOf":{"@id":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/#webpage"},"articleSection":"Uncategorized"},{"@type":"BreadcrumbList","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","position":1,"name":"Home","item":"https:\/\/sekuritasit.com","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","position":2,"name":"Uncategorized","item":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/#listItem","name":"Aviatrix Controllers OS Command Injection Vulnerability"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/#listItem","position":3,"name":"Aviatrix Controllers OS Command Injection Vulnerability","previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}}]},{"@type":"Organization","@id":"https:\/\/sekuritasit.com\/#organization","name":"Sekuritas IT","description":"Creative solutions to unique challenges.","url":"https:\/\/sekuritasit.com\/","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100086973577423"]},{"@type":"WebPage","@id":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/#webpage","url":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/","name":"Aviatrix Controllers OS Command Injection Vulnerability \u203a Sekuritas IT","description":"What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sekuritasit.com\/#website"},"breadcrumb":{"@id":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/#breadcrumblist"},"author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"creator":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"datePublished":"2025-01-17T07:19:52+00:00","dateModified":"2025-01-17T07:19:52+00:00"},{"@type":"WebSite","@id":"https:\/\/sekuritasit.com\/#website","url":"https:\/\/sekuritasit.com\/","name":"Sekuritas IT","alternateName":"Sekuritas","description":"Creative solutions to unique challenges.","inLanguage":"en-US","publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sekuritas IT \u203a Creative solutions to unique challenges.","og:type":"article","og:title":"Aviatrix Controllers OS Command Injection Vulnerability \u203a Sekuritas IT","og:description":"What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has","og:url":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/","article:published_time":"2025-01-17T07:19:52+00:00","article:modified_time":"2025-01-17T07:19:52+00:00","article:publisher":"https:\/\/www.facebook.com\/profile.php?id=100086973577423","twitter:card":"summary_large_image","twitter:title":"Aviatrix Controllers OS Command Injection Vulnerability \u203a Sekuritas IT","twitter:description":"What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has"},"aioseo_meta_data":{"post_id":"14645","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2025-01-17 07:27:09","updated":"2025-10-15 13:29:09","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/\" title=\"Uncategorized\">Uncategorized<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tAviatrix Controllers OS Command Injection Vulnerability\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sekuritasit.com"},{"label":"Uncategorized","link":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/"},{"label":"Aviatrix Controllers OS Command Injection Vulnerability","link":"https:\/\/sekuritasit.com\/index.php\/2025\/01\/17\/aviatrix-controllers-os-command-injection-vulnerability\/"}],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/14645","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=14645"}],"version-history":[{"count":1,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/14645\/revisions"}],"predecessor-version":[{"id":14648,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/14645\/revisions\/14648"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=14645"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=14645"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=14645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}