Sign in / up

back to article Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug

"Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say. CVE-2024-50603 leads to remote code execution (RCE) and default deployments of Aviatrix Controller in AWS allow for privilege escalation, making it especially dangerous. …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Teal Bee

    >Aviatrix Controller is run by approximately 3 percent of all AWS customers, [...] a relatively small proportion of all customers.

    That's still a large number of them when multiplied by the number of AWS business customers, estimated at around 1.5 million.

    I can't blame a researcher for publishing exploit code that is already in the hands of bad actors. Yes, this may enable a few script kiddies to do some damage, but those aren't the kind of people who negotiate ransom payments and employ money mules.

    1 3 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like