Lucene search
MitreVULNRICHMENT:CVE-2024-35061HistoryMay 21, 2024 - 12:00 a.m.
CVE-2024-35061
2024-05-2100:00:00
mitre
github.com
4
cve-2024-35061
nasa
ait-core
unencrypted channels
data exchange
network
man-in-the-middle
cve-2024-35059
unauthenticated
remote code execution
AI Score
7.6
Confidence
Low
EPSS
0
Percentile
16.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:nasa:ait-core:2.5.2:*:*:*:*:*:*:*"
],
"vendor": "nasa",
"product": "ait-core",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "2.5.2"
}
],
"defaultStatus": "unknown"
}
]Related
cvelist
cvelist
CVE-2024-35061
2024-05-21 00:00:00
CVE-2024-35059
2024-05-21 00:00:00
nvd
nvd
CVE-2024-35061
2024-05-21 19:15:10
CVE-2024-35059
2024-05-21 19:15:10
cve
cve
CVE-2024-35061
2024-05-21 19:15:10
CVE-2024-35059
2024-05-21 19:15:10
veracode
veracode
Remote Code Execution (RCE)
2024-05-27 06:14:27
Cleartext Transmission Of Sensitive Information
2024-05-24 08:46:47
vulnrichment
vulnrichment
CVE-2024-35059
2024-05-21 00:00:00
github
github
NASA AIT-Core uses unencrypted channels to exchange data over the network
2024-05-21 21:30:27
NASA AIT-Core vulnerable to remote code execution
2024-05-21 21:30:27
osv
osv
NASA AIT-Core vulnerable to remote code execution
2024-05-21 21:30:27
NASA AIT-Core uses unencrypted channels to exchange data over the network
2024-05-21 21:30:27
AI Score
7.6
Confidence
Low
EPSS
0
Percentile
16.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-35061