CVE-2024-50603
Aviatrix Controllers OS Command Injection Vulnerability
⚠ KEVEPSS 94.4%
Description
Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
How to fix CVE-2024-50603
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2024-50603 being exploited?
Yes — CVE-2024-50603 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.