Remote Code Execution via Man-in-the-Middle (and more) in NASA's AIT-Core v2.5.2

In my article, I outline several critical vulnerabilities discovered in NASA's AIT-Core v2.5.2, including SQL injection, local code execution through eval, Pickle, and YAML, and remote code execution via Man-in-the-Middle attacks. I detail how these flaws can potentially lead to severe security breaches, including command injection and unauthorized access, and demonstrate the risks through various examples and exploit scenarios. I also recommend specific mitigations such as using secure query-building methods, avoiding insecure libraries, and encrypting communications to prevent these vulnerabilities from being exploited.

This security research was originally published at VisionSpace Blog

Andy Codes

Remote Code Execution via Man-in-the-Middle (and more) in NASA's AIT-Core v2.5.2