CVE-2024-51561

EPSS 0.3%
Published 04.11.2024 13:17:05
Last modified 06.11.2024 15:59:22
Source vdisclose@cert-in.org.in
Teams watchlist Login
Open Login

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process.  

Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

63moons ≫ Aero Version < 120820241550

63moons ≫ Wave 2.0 Version < 1.1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.526

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vdisclose@cert-in.org.in	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-807 Reliance on Untrusted Inputs in a Security Decision

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-51561

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51561

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51561

EUVD