A critical vulnerability in Aviatrix Controller allows for remote code execution and privilege escalation, putting several cloud deployments at risk. The vulnerability, CVE-2024-50603, was disclosed on January 7th and a proof-of-concept exploit became publicly available shortly after. Researchers warn that attackers are already exploiting the vulnerability, deploying malware and potentially gathering cloud permissions for future data exfiltration. Aviatrix recommends upgrading to version 7.2.4996 or applying a patch for vulnerable controllers.
"Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say.
Aviatrix Controller is used to help manage and automate AWS deployments and is run by approximately 3 percent of all AWS customers, the researchers at Wiz said - a relatively small proportion of all customers. "This lateral movement potential makes Aviatrix Controller a prime target for threat actors aiming to move laterally and escalate their privileges in the cloud environment once gaining initial access to the controller via exploitation of this RCE."
Wiz said the successful attacks were carried out between January 7 and 10. It published the findings the following day, and it's unclear whether any more have happened since. Aviatrix said in itsAt the time of the vulnerability's disclosure, Jakub Korepta, head of infrastructure security at Polish vendor SecuRing and the individual who found the bug,Defenders can upgrade to version 7.2.4996, which is not vulnerable to CVE-2024-50603. The bug affects versions before 7.1.
AVIRATRIX CONTROLLER REMOTE CODE EXECUTION VULNERABILITY CVE-2024-50603 CLOUD SECURITY
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Stentrode: Brain Microchip Enables Communication for Millions with DisabilitiesSynchronized's Stentrode, a minimally invasive brain-computer interface, allows patients with paralysis to control devices like smartphones and smart assistants. A recent trial saw an ALS patient successfully write a message using the device. The technology holds potential for over 100 million people worldwide, enabling them to regain independence and connect with others.
Read more »
Digital dPCR Enables Accurate DNA Methylation Analysis Without Bisulfite ConversionA new dPCR-based method for DNA methylation analysis, the Digital LightCycler® dPCR System, offers a reliable alternative to traditional bisulfite conversion methods. By leveraging methylation-sensitive restriction enzymes (MSRE), this method achieves high accuracy even in CpG-rich regions.
Read more »
Breakthrough microchip technology enables multi-disease detectionIn a world grappling with a multitude of health threats -; ranging from fast-spreading viruses to chronic diseases and drug-resistant bacteria -; the need for quick, reliable, and easy-to-use home diagnostic tests has never been greater.
Read more »
Protein Platform Enables Advanced Immune Response EngineeringResearchers have developed a novel protein platform called TRACeR-I that can be used to engineer immune responses. TRACeR-I targets peptide antigens using a multiallelic MHC I-binding system, offering broad HLA compatibility.
Read more »
Innovative scanning technique enables better lung function monitoringA new method of scanning lungs is able to show the effects of treatment on lung function in real time and enable experts to see the functioning of transplanted lungs.
Read more »
Novel GECI TurCaMP Enables Accurate Monitoring of Mitochondrial Calcium SignalingA new genetically encoded calcium indicator (GECI) called TurCaMP has been developed that overcomes the limitations of existing GECIs by being insensitive to pH changes and exhibiting bright cyan fluorescence. This allows for accurate monitoring of mitochondrial calcium signaling, a critical process in energy metabolism and calcium homeostasis.
Read more »