CVE-2024-51561

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 4, 2024

Updated: Nov 6, 2024

CWE ID 807

Summary

CVE-2024-51561 is a vulnerability affecting the Aero platform. The issue stems from a flawed OTP validation mechanism in specific API endpoints. An authenticated attacker can exploit this weakness by intercepting and tampering with the responses during the second factor authentication procedure. By doing so, the attacker may bypass OTP verification, granting unauthorized access to other users' accounts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z-hvrb
https://www.cve.org/CVERecord?id=CVE-2024-51561
https://nvd.nist.gov/vuln/detail/CVE-2024-51561

Back to Vulnerability Database

CVE-2024-51561

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations