CVE-2024-11166 HIGH

CVE-2024-11166: Traffic Alert and Collision Avoidance System (TCAS) II has an External Control of System or Configuration Setting vulnerability

Vendor Traffic Alert and Collision Avoidance System (TCAS) II
Product Collision Avoidance Systems
Weakness CWE-15
Published January 22, 2025
Last update February 12, 2025

CVSS base score

7.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.

Key dates

02 Disclosure timeline

January 22, 2025 CVE published
February 12, 2025 Record updated