Products
goTenna Pro ATAK Plugin application
Source
ics-cert@hq.dhs.gov
Tags
CVE-2024-43694 details
Published : Sept. 26, 2024, 6:15 p.m.
Last Modified : Sept. 26, 2024, 6:15 p.m.
Last Modified : Sept. 26, 2024, 6:15 p.m.
Description
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.
CVSS Score
| 1 | 2 | 3 | 4.3 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-922 | Insecure Storage of Sensitive Information | The product stores sensitive information without properly limiting read or write access by unauthorized actors. |
CVSS Data
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
4.3
Exploitability Score
0.7
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 | ics-cert@hq.dhs.gov |
This website uses the NVD API, but is not approved or certified by it.