NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://github.com/advisories/GHSA-jqff-8g2v-642h | Not Applicable |
| https://github.com/advisories/GHSA-jqff-8g2v-642h | Not Applicable |
| https://github.com/advisories/GHSA-qv6x-53jj-vw59 | Third Party Advisory |
| https://github.com/advisories/GHSA-qv6x-53jj-vw59 | Third Party Advisory |
| https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze | Exploit |
| https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze | Exploit |
Configurations
History
03 Jun 2025, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/advisories/GHSA-qv6x-53jj-vw59 - Third Party Advisory | |
| References | () https://github.com/advisories/GHSA-jqff-8g2v-642h - Not Applicable | |
| References | () https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze - Exploit | |
| First Time |
Nasa
Nasa ait Core |
|
| CPE | cpe:2.3:a:nasa:ait_core:*:*:*:*:*:*:*:* |
17 Jul 2024, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
22 May 2024, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution. |
21 May 2024, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-21 19:15
Updated : 2025-06-03 14:16
NVD link : CVE-2024-35061
Mitre link : CVE-2024-35061
JSON object : View
Products Affected
nasa
- ait_core
CWE
No CWE.