Cleartext Transmission of Sensitive Information Affecting ait-core package, versions [0,]


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.05% (17th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-AITCORE-6969016
  • published 22 May 2024
  • disclosed 21 May 2024
  • credit Andy Olchawa, Milenko Starcik

How to fix?

There is no fixed version for ait-core.

Overview

ait-core is a NASA JPL's Ground Data System toolkit for Instrument and CubeSat Missions

Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the use of unencrypted channels to exchange data over the network. An attacker can execute arbitrary code by performing a man-in-the-middle attack.

Notes:

In the exploitation scenario, there two vulnerabilities:

  1. ZMQ communication is unencrypted.

  2. Use of Pickle

To prevent the RCE, it is recommended to resolve both issues. Although replacing the plain ZMQ communication with ZMQ SSH Tunnelling might be tempting, more is needed. It will mitigate the MitM attacks; however, given that the TLM instrument opens a port and connects to a telemetry source without any verification, another attack vector emerges for exploitation – in case the bad actor can access the telemetry source host, they can stop a telemetry source and start their own with a malicious payload.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
8.1 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    High