CVE-2024-51561
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 4, 2024
Updated: Nov 6, 2024
CWE ID 807
Summary
CVE-2024-51561 is a vulnerability affecting the Aero platform. The issue stems from a flawed OTP validation mechanism in specific API endpoints. An authenticated attacker can exploit this weakness by intercepting and tampering with the responses during the second factor authentication procedure. By doing so, the attacker may bypass OTP verification, granting unauthorized access to other users' accounts.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share