CVE-2024-43814

MEDIUM | CVSS 5.3/10 | EPSS 0.13%

CVE-2024-43814 is a medium-severity vulnerability rated 5.3/10 under CVSS 4.0. By default, the goTenna Pro ATAK Plugin shares Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and a goTenna is connected. Users who are unaware of their settings and have not activated encryption before a mission may accidentally broadcast their location unencrypted. EPSS estimates a 0.13% chance of exploitation in the next 30 days.

Description

By default, the goTenna Pro ATAK Plugin shares Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and a goTenna is connected. Users who are unaware of their settings and have not activated encryption before a mission may accidentally broadcast their location unencrypted. Verify that the PLI update rate is set as desired and activate encryption before a mission. Update to the latest plugin version to disable this default setting.

Metrics

CVSS 3.1
4.3/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 4.0
5.3/10

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
0.13%

2.8th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Gotenna | Gotenna | < 2.0.7

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

How severe is CVE-2024-43814?
CVE-2024-43814 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.13% probability of exploitation in the next 30 days.
How do I fix CVE-2024-43814?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST