CVE-2024-47126
Last modified
CVE-2024-47126 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an encryption key, so it is advised to share the key with local QR code for higher security operations.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gotenna | Gotenna Pro | <= 1.6.1 |
| Gotenna | Gotenna Pro | < 2.0.3 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-47126?
How severe is CVE-2024-47126?
How do I fix CVE-2024-47126?
Are you affected by CVE-2024-47126?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST