CVE-2024-35058

7.5 HIGH

📋 TL;DR

This vulnerability in NASA AIT-Core's API wait function allows attackers to execute arbitrary code by sending a specially crafted string. It affects NASA AIT-Core version 2.5.2 and potentially earlier versions. Attackers can exploit this to gain control of affected systems.

💻 Affected Systems

Products:
  • NASA AIT-Core
Versions: v2.5.2 and potentially earlier versions
Operating Systems: All platforms running AIT-Core
Default Config Vulnerable: ⚠️ Yes
Notes: Any system running the vulnerable AIT-Core version with the API accessible is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining root/administrator privileges, data exfiltration, and persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to service disruption, data theft, and lateral movement within the network.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting the AIT-Core service.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely via API calls, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require network access, reducing exposure compared to internet-facing instances.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability appears to be exploitable without authentication via crafted API requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.5.3 or later

Vendor Advisory: https://github.com/advisories/GHSA-4gxj-5mmr-7pxq

Restart Required: Yes

Instructions:

1. Back up current configuration and data.
2. Stop the AIT-Core service.
3. Upgrade to v2.5.3 or later.
4. Restart the service.
5. Verify the upgrade was successful.

🔧 Temporary Workarounds

Network Access Restriction (Linux)

Restrict network access to AIT-Core API endpoints to trusted IPs only

# Example using iptables for Linux
iptables -A INPUT -p tcp --dport [AIT-CORE-PORT] -s [TRUSTED-IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [AIT-CORE-PORT] -j DROP

API Endpoint Disablement (all platforms)

Temporarily disable the vulnerable API wait function if not required

# Modify AIT-Core configuration to disable the wait API endpoint

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate AIT-Core systems from critical infrastructure
  • Deploy web application firewall (WAF) rules to block suspicious API requests to the wait endpoint

🔍 How to Verify

Check if Vulnerable:

Check the AIT-Core version number in the application interface or configuration files

Check Version:

# Check version in AIT-Core configuration or via API if available

Verify Fix Applied:

Verify the version is v2.5.3 or later and test the API wait function with safe inputs

📡 Detection & Monitoring

Log Indicators:

  • Unusual API requests to wait endpoint
  • Multiple failed authentication attempts followed by API calls
  • Suspicious process creation from AIT-Core service

Network Indicators:

  • Unusual outbound connections from AIT-Core host
  • Traffic patterns indicating data exfiltration
  • Unexpected network scans originating from AIT-Core system

SIEM Query:

source="ait-core" AND (url="*/api/wait*" OR process="unusual_executable")
