CVE-2024-35061

7.3 HIGH

📋 TL;DR

NASA AIT-Core v2.5.2 uses unencrypted network channels, enabling man-in-the-middle attacks. When combined with CVE-2024-35059, this allows unauthenticated remote code execution. Organizations using AIT-Core v2.5.2 are affected.

💻 Affected Systems

Products:
  • NASA AIT-Core
Versions: v2.5.2
Operating Systems: All platforms running AIT-Core
Default Config Vulnerable: ⚠️ Yes
Notes: Requires chaining with CVE-2024-35059 for full RCE. Unencrypted communication is the default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via unauthenticated remote code execution leading to data theft, system destruction, or lateral movement.

🟠 Likely Case

Data interception and manipulation through man-in-the-middle attacks, potentially leading to credential theft or data corruption.

🟢 If Mitigated

Limited to network sniffing without RCE if CVE-2024-35059 is patched or other controls prevent exploitation.

🌐 Internet-Facing: HIGH - Unauthenticated RCE via MITM makes internet-facing instances extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this, but exploitation requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires chaining two CVEs and MITM positioning, but public advisories provide technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.5.3 or later

Vendor Advisory: https://github.com/advisories/GHSA-jqff-8g2v-642h

Restart Required: Yes

Instructions:

1. Update AIT-Core to v2.5.3 or later.
2. Restart all AIT-Core services.
3. Verify encryption is enabled in configuration.

🔧 Temporary Workarounds

Enable TLS/SSL Encryption

all

Configure AIT-Core to use encrypted channels instead of plaintext communication.

# Edit AIT-Core configuration to enable SSL/TLS
# Set appropriate encryption settings in config files

Network Segmentation

all

Isolate AIT-Core systems to prevent MITM attacks from untrusted networks.

# Configure firewall rules to restrict AIT-Core traffic
# Use VLANs or network zones to isolate systems

🧯 If You Can't Patch

  • Implement strict network controls to prevent MITM attacks (VPNs, encrypted tunnels, network segmentation)
  • Monitor for unusual network traffic patterns and implement IDS/IPS rules for AIT-Core communication

🔍 How to Verify

Check if Vulnerable:

Check the AIT-Core version: if it is v2.5.2 and uses the default configuration, the system is vulnerable.

Check Version:

# Check AIT-Core version in application logs or via package manager

Verify Fix Applied:

Verify that the AIT-Core version is v2.5.3 or later, and check the configuration to confirm encryption is enabled.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from AIT-Core
  • Authentication failures or unexpected user activity

Network Indicators:

  • Unencrypted AIT-Core network traffic on unusual ports
  • MITM attack patterns in network logs

SIEM Query:

source="ait-core" AND (event_type="process_execution" OR protocol="plaintext")
