AI Score
Confidence
Low
EPSS
Percentile
16.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.
[
{
"cpes": [
"cpe:2.3:a:nasa:ait-core:2.5.2:*:*:*:*:*:*:*"
],
"vendor": "nasa",
"product": "ait-core",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "2.5.2"
}
],
"defaultStatus": "unknown"
}
]