CVE-2024-35061

Published: May 21, 2024Modified: Jun 3, 2025

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.

Affected (1)

Products: Nasa: Ait Core

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nasa Ait Core	Up to 2.5.2

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (6)

https://github.com/advisories/GHSA-jqff-8g2v-642h

Source: cve@mitre.org

Not Applicable

https://github.com/advisories/GHSA-qv6x-53jj-vw59

Source: cve@mitre.org

Third Party Advisory

https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze

Source: cve@mitre.org

Exploit

https://github.com/advisories/GHSA-jqff-8g2v-642h

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://github.com/advisories/GHSA-qv6x-53jj-vw59

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.