How severe is CVE-2024-51561?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-51561?

This is classified as CWE-807, which is a common weakness in software security.

CVE-2024-51561 - CRITICAL Severity | CVSS 7.5

Vulnerability Description

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts.

Related Vulnerabilities

CVE-2023-0009

HIGH

CVSS:7.8(High)

A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.

CWE-8072023

CVE-2023-46686

HIGH

CVSS:7.1(High)

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. ...

CWE-8072023

CVE-2021-31999

HIGH

CVSS:8.8(High)

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group...

CWE-8072021

CVE-2021-36777

HIGH

CVSS:8.8(High)

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the c...

CWE-8072021

CVE-2024-55354

HIGH

CVSS:8.8(High)

Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expecte...

CWE-8072024

CVE-2021-29479

MEDIUM

CVSS:6.1(Medium)

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if...

CWE-8072021