CVE-2024-50603

Severity: CRITICAL (CVSS 3.1 base score 10.0)
Published: 2025-01-08

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:02 (vuln.today)
Added to CISA KEV: Nov 05, 2025 - 19:11 (cisa)
PoC Detected (public exploit code): Nov 05, 2025 - 19:11 (vuln.today)
CVE Published: Jan 08, 2025 - 01:15 (nvd)

Description

An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.

Analysis

Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996 contains an OS command injection via improper neutralization of special elements in the /v1/api endpoint, allowing unauthenticated remote code execution.

Technical Context

The CWE-78 command injection affects the cloud_type parameter of the list_flightpath_destination_instances action and the src_cloud_type parameter of the flightpath_connection_test action on /v1/api; neither parameter is sanitized for shell metacharacters before being used in an OS command. Because the endpoint requires no authentication, an attacker can inject OS commands that execute with the privileges of the Aviatrix Controller process.

Affected Products

- Aviatrix Controller before 7.1.4191
- Aviatrix Controller 7.2.x before 7.2.4996

Remediation

Update Aviatrix Controller immediately to a fixed release (7.1.4191 or later, or 7.2.4996 or later for the 7.2.x line). Rotate all cloud API credentials accessible from the controller, since a compromised controller exposes them. Review cloud network configurations for unauthorized modifications. Restrict network access to the controller management interface so that /v1/api is not reachable from untrusted networks.

Priority Score

214 (Critical)

Score components:
- KEV: +50
- EPSS: +94.4
- CVSS: +50
- PoC: +20

CVE-2024-50603 vulnerability details – vuln.today
