## https://sploitus.com/exploit?id=SAINT:E007DD15B0F67F9B22680245F95D8FB8
Added: 02/04/2025
### Background
Aviatrix Controller is a cloud networking platform that manages connectivity of cloud and hybrid networks.
### Problem
A command injection vulnerability in the list_flightpath_destination_instances API action allows remote attackers to execute arbitrary commands.
### Resolution
Apply security patch CVE-2024-50603 or upgrade to version 7.1.4191 or 7.2.4996 or higher.
### References
https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/