This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts.
History

Wed, 06 Nov 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | 63moons; 63moons aero; 63moons wave 2.0 |
| Weaknesses | | NVD-CWE-Other |
| CPEs | | `cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*`; `cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*` |
| Vendors & Products | | 63moons; 63moons aero; 63moons wave 2.0 |
| Metrics | | cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` |


Mon, 04 Nov 2024 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Brokeragetechnologysolutions; Brokeragetechnologysolutions aero |
| CPEs | | `cpe:2.3:a:brokeragetechnologysolutions:aero:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Brokeragetechnologysolutions; Brokeragetechnologysolutions aero |
| Metrics | | ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Mon, 04 Nov 2024 12:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts. |
| Title | | Authentication bypass Vulnerability in Aero |
| Weaknesses | | CWE-807 |
| References | | |
| Metrics | | cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}` |


MITRE

Status: PUBLISHED

Assigner: CERT-In

Published: 2024-11-04T12:29:20.563Z

Updated: 2024-11-04T14:59:07.883Z

Reserved: 2024-10-29T12:55:06.456Z

Link: CVE-2024-51561

Vulnrichment

Updated: 2024-11-04T14:59:03.207Z

NVD

Status: Analyzed

Published: 2024-11-04T13:17:05.963

Modified: 2024-11-06T15:59:22.287

Link: CVE-2024-51561

Redhat

No data.