Threat Overview

Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability, CVE-2024-50603 affecting Aviatrix software-defined network (SDN), to its Known Exploited Vulnerabilities catalog. This addition serves as a warning to organizations that this vulnerability is being exploited in the wild and could expose them to potential cyberattacks.

Vulnerability Details

The vulnerability, identified as CVE-2024-50603, resides in Aviatrix’s SDN Controller. Successful exploitation enables an attacker to achieve remote code execution (RCE) on affected systems.

• CVSS Score: 9.8 (Critical)
• CWE: CWE-787 (Improper Neutralization of Input During Web Page Generation)

Threat Actor Group

No specific threat actor group has been identified as exploiting this vulnerability yet, but it is highly likely that various cybercriminal groups and even nation-state actors might target unpatched systems.

Recommendations

In light of this new development, we recommend the following actions:

• Patch Management: Prioritize patching CVE-2024-50603 on Aviatrix SDN Controller instances immediately. If patches are not yet available, consider applying temporary workarounds as recommended by Aviatrix and Wiz.
• Vulnerability Scanning: Regularly scan your network for this vulnerability using tools like Nessus or Tenable.
• Network Monitoring: Implement network monitoring solutions to detect anomalous activities indicative of exploit attempts.
• Incident Response Planning: Ensure you have an up-to-date incident response plan in place to quickly respond to potential security incidents.

References

For further details, please refer to the following resources:

• CISA Known Exploited Vulnerabilities Catalog:
• Wiz Research – Identifies Exploitation in the Wild of Aviatrix CVE-2024-50603: