Aviatrix Controller list_flightpath_destination_instances command injection

Added: 02/04/2025

Background

Aviatrix Controller is a cloud networking platform that manages connectivity of cloud and hybrid networks.

Problem

A command injection vulnerability in the list_flightpath_destination_instances API action allows remote attackers to execute arbitrary commands.

Resolution

Apply security patch CVE-2024-50603, or upgrade to version 7.1.4191, 7.2.4996, or higher.

References

https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
