CVE-2024-43694
Last modified
CVE-2024-43694 is a medium-severity vulnerability rated 5.1/10 on the CVSS scale. In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. EPSS estimates a 0.13% chance of exploitation in the next 30 days.
Description
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gotenna | Atak Plugin | < 2.0.7 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-43694?
How severe is CVE-2024-43694?
How do I fix CVE-2024-43694?
Are you affected by CVE-2024-43694?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST