CVE-2024-35061

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-35061
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/advisories/GHSA-jqff-8g2v-642h Not Applicable
https://github.com/advisories/GHSA-qv6x-53jj-vw59 Third Party Advisory
https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze Exploit
https://github.com/advisories/GHSA-jqff-8g2v-642h Not Applicable
https://github.com/advisories/GHSA-qv6x-53jj-vw59 Third Party Advisory
https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:nasa:ait_core:*:*:*:*:*:*:*:*
History

03 Jun 2025, 14:16

Type Values Removed Values Added
CPE cpe:2.3:a:nasa:ait_core:*:*:*:*:*:*:*:*
First Time Nasa
Nasa ait Core
References () https://github.com/advisories/GHSA-jqff-8g2v-642h - () https://github.com/advisories/GHSA-jqff-8g2v-642h - Not Applicable
References () https://github.com/advisories/GHSA-qv6x-53jj-vw59 - () https://github.com/advisories/GHSA-qv6x-53jj-vw59 - Third Party Advisory
References () https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze - () https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze - Exploit

21 Nov 2024, 09:19

Type Values Removed Values Added
References () https://github.com/advisories/GHSA-jqff-8g2v-642h - () https://github.com/advisories/GHSA-jqff-8g2v-642h -
References () https://github.com/advisories/GHSA-qv6x-53jj-vw59 - () https://github.com/advisories/GHSA-qv6x-53jj-vw59 -
References () https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze - () https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze -

17 Jul 2024, 16:15

Type Values Removed Values Added
References
  • () https://github.com/advisories/GHSA-jqff-8g2v-642h -
  • () https://github.com/advisories/GHSA-qv6x-53jj-vw59 -

03 Jul 2024, 02:01

Type Values Removed Values Added
CWE CWE-311
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3

22 May 2024, 18:15

Type Values Removed Values Added
Summary
  • (es) Se descubrió que NASA AIT-Core v2.5.2 utiliza canales no cifrados para intercambiar datos a través de la red, lo que permite a los atacantes ejecutar un ataque man in the middle.
Summary (en) NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. (en) NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.

21 May 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-21 19:15

Updated : 2025-06-03 14:16

NVD link : CVE-2024-35061

Mitre link : CVE-2024-35061

CVE.ORG link : CVE-2024-35061

JSON object : View

Products Affected

nasa

  • ait_core
CWE
CWE-311

Missing Encryption of Sensitive Data