CVE-2024-47122

EPSS 0.14%
Veröffentlicht 26.09.2024 18:15:09
Zuletzt bearbeitet 17.10.2024 18:15:05
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

In the goTenna Pro App, the encryption keys are stored along with a 
static IV on the End User Device (EUD). This allows for complete 
decryption of keys stored on the EUD if physically compromised. This 
allows an attacker to decrypt all encrypted broadcast communications 
based on encryption keys stored on the EUD. This requires access to and 
control of the EUD, so it is recommended to use strong access control 
measures and layered encryption on the EUD for more secure operation.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gotenna ≫ Gotenna Pro SwPlatformiphone_os Version <= 1.6.1

Gotenna ≫ Gotenna Pro SwPlatformandroid Version < 2.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.334

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	5.1	0	0	CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	4.3	0.7	3.6	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-47122

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47122

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47122

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-47122