Products
goTenna Pro series
Source
ics-cert@hq.dhs.gov
Tags
CVE-2024-47123 details
Published : Sept. 26, 2024, 6:15 p.m.
Last Modified : Sept. 26, 2024, 7:35 p.m.
Last Modified : Sept. 26, 2024, 7:35 p.m.
Description
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-353 | Missing Support for Integrity Check | The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum. |
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
NONE
Base Score
0.0
Exploitability Score
1.6
Impact Score
0.0
Base Severity
NONE
Vector String : CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N
References
URL | Source |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 | ics-cert@hq.dhs.gov |
This website uses the NVD API, but is not approved or certified by it.