PT-2024-26305 · Nasa · Nasa Ait-Core
Andy Olchawa +1 · Published 2024-05-21 · Updated 2024-07-17
CVE-2024-35061
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
NASA AIT-Core version 2.5.2
Description
The issue allows attackers to execute a man-in-the-middle attack due to the use of unencrypted channels for data exchange over the network. This can lead to unauthenticated, fully remote code execution when combined with other vulnerabilities.
Recommendations
For NASA AIT-Core version 2.5.2, consider implementing encrypted communication channels to prevent man-in-the-middle attacks. As a temporary workaround, restrict network access to trusted sources until a patch is available.
Exploit
Fix
Missing Encryption of Sensitive Data
Special Elements Injection
Cleartext Transmission of Sensitive Information
Affected Products
Nasa Ait-Core