CVE-2024-51561 · CVEKit

cve.orgen

426 chars

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts.

NVDen

426 chars

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts.

NVDes

457 chars

Esta vulnerabilidad existe en Aero debido a la implementación incorrecta del mecanismo de validación OTP en ciertos endpoints de API. Un atacante remoto autenticado podría aprovechar esta vulnerabilidad interceptando y manipulando las respuestas intercambiadas durante el proceso de autenticación de segundo factor. La explotación exitosa de esta vulnerabilidad podría permitir al atacante omitir la verificación OTP para acceder a otras cuentas de usuario.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0	Primary	cve.org	9.3	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L