Vulnerability Description
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nasa | Ait Core | <= 2.5.2 |
Related Weaknesses (CWE)
References
- https://github.com/advisories/GHSA-jqff-8g2v-642hNot Applicable
- https://github.com/advisories/GHSA-qv6x-53jj-vw59Third Party Advisory
- https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-Exploit
- https://github.com/advisories/GHSA-jqff-8g2v-642hNot Applicable
- https://github.com/advisories/GHSA-qv6x-53jj-vw59Third Party Advisory
- https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-Exploit
FAQ
What is CVE-2024-35061?
CVE-2024-35061 is a vulnerability with a CVSS score of 7.3 (HIGH). NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE i...
How severe is CVE-2024-35061?
CVE-2024-35061 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-35061?
Check the references section above for vendor advisories and patch information. Affected products include: Nasa Ait Core.