CVE-2024-43694

EPSS 0.15%
Veröffentlicht 26.09.2024 18:15:06
Zuletzt bearbeitet 07.10.2024 19:40:04
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

In the goTenna Pro ATAK Plugin application, the encryption keys are 
stored along with a static IV on the device. This allows for complete 
decryption of keys stored on the device. This allows an attacker to 
decrypt all encrypted broadcast communications based on broadcast keys 
stored on the device.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gotenna ≫ Atak Plugin Version < 2.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.354

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	5.1	0	0	CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	4.3	0.7	3.6	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-43694

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43694

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43694

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-43694