What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has been published, and Wiz Research has observed exploitation in the wild resulting in cryptojacking and backdoor deployment. Wiz | BlogWhat is the recommended Mitigation?This vulnerability impacts Aviatrix Controller in versions before 7.1.4191 and versions 7.2.x before 7.2.4996. FortiGuard recommends applying the security patch provided by Aviatrix and following any guideline mentioned on the advisory. Aviatrix PSIRT Advisories: DocumentationWhat FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor and follow instructions as mentioned on the vendor’s advisory. FortiGuard Labs has blocked all the known Indicators of Compromised (IOCs) including the Malware related to the campaign targeting CVE-2024-50603. Virus | FortiGuard LabsVirus | FortiGuard LabsThe FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard IPS protection is being reviewed, and this Threat Signal will be updated accordingly as it becomes available.
