Exploit for Aviatrix Controller list_flightpath_destination_instances command injection CVE-2024-50603

Name: Exploit for Aviatrix Controller list_flightpath_destination_instances command injection CVE-2024-50603
Rating: 5 (49 reviews)

2025-02-04 | CVSS 10.0

## https://sploitus.com/exploit?id=SAINT:5DF1A87060E1B6C4B5E5EAF3F360B01C
Added: 02/04/2025  


### Background

Aviatrix Controller is a cloud networking platform that manages connectivity of cloud and hybrid networks. 

### Problem

A command injection vulnerability in the list_flightpath_destination_instances API action allows remote attackers to execute arbitrary commands. 

### Resolution

Apply security patch CVE-2024-50603 or upgrade to version 7.1.4191 or 7.2.4996 or higher. 

### References

https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers   
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/