CVE-2024-43814

EPSS 0.07%
Veröffentlicht 26.09.2024 18:15:07
Zuletzt bearbeitet 17.10.2024 18:15:04
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The goTenna Pro ATAK Plugin's default settings are to share Automatic 
Position, Location, and Information (PLI) updates every 60 seconds once 
the plugin is active and goTenna is connected. Users that are unaware of
 their settings and have not activated encryption before a mission may 
accidentally broadcast their location unencrypted. It is advised to 
verify PLI settings are the desired rate and activate encryption prior 
to mission. Update to the latest Plugin to disable this default setting.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gotenna ≫ Gotenna SwPlatformatak Version < 2.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.218

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ics-cert@hq.dhs.gov	5.3	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-43814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43814

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-43814