CVE-2024-55581

HighPublic PoC

Published: 26 February 2025

Published

26 February 2025

Modified

07 April 2025

KEV Added

—

Patch

—

CVSS Score 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score 0.0024 46.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55581 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Adacore Ada Web Server. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 46.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-17 Public Key Infrastructure Certificates good match

prevent

Requires validation of PKI certificates, directly addressing the AWS.Client's failure to verify HTTPS server certificates and preventing MITM attacks.

SC-8 Transmission Confidentiality and Integrity good match

prevent

Mandates protection of transmission confidentiality and integrity, which necessitates proper HTTPS certificate validation to counter the vulnerability's exposure to interception and modification.

CM-6 Configuration Settings partial match

prevent

Enforces secure configuration settings for TLS clients like AWS.Client to enable certificate verification, mitigating the default insecure behavior.

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

attack.mitre.org →

Why these techniques?

Improper certificate validation (CWE-295) directly enables successful Adversary-in-the-Middle attacks by allowing interception and tampering of HTTPS traffic without detection.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).

Deeper analysisAI

CVE-2024-55581 is a vulnerability in AdaCore Ada Web Server version 25.0.0 when linked with GnuTLS. The issue stems from the default behavior of AWS.Client, which fails to verify an HTTPS server's certificate unless the using program explicitly specifies a TLS configuration. This improper certificate validation, mapped to CWE-295, exposes applications to man-in-the-middle attacks. The vulnerability carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to network accessibility and significant confidentiality and integrity impacts.

Attackers can exploit this vulnerability by positioning themselves between the AWS.Client and the target HTTPS server, such as on a compromised network or through techniques requiring high complexity like ARP spoofing or DNS poisoning. No privileges or user interaction are needed. Successful exploitation allows the attacker to intercept, read, and potentially modify sensitive data in transit, compromising confidentiality and integrity without impacting availability.

For mitigation guidance, refer to the AdaCore security advisory SEC.AWS-0056-v1 at https://docs.adacore.com/corp/security-advisories/SEC.AWS-0056-v1.pdf and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/03/msg00007.html.