CVE-2024-43108 MEDIUM

CVE-2024-43108: goTenna Pro ATAK Plugin Missing Support for Integrity Check

Vendor Gotenna
Product Pro ATAK Plugin
Weakness CWE-353
Published September 26, 2024
Last update October 17, 2024

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

The goTenna Pro ATAK Plugin encrypts short messages with AES in CTR mode and applies no additional integrity-checking mechanism. This leaves messages malleable to an attacker who can access them. Users are advised to continue using encryption in the plugin and to update to the current release, which provides enhanced encryption protocols.
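The weakness class described above (CWE-353), shown as an added example that is not goTenna code: a counter-mode ciphertext with no tag decrypts without error after a bit is changed, while an encrypt-then-MAC envelope rejects the same change. The SHA-256 counter keystream is a stand-in for AES-CTR so the block runs on the standard library alone; the function names, keys, nonce and message are all constructed for illustration.

```python
import hashlib
import hmac

NONCE_LEN, TAG_LEN = 12, 32

def ctr_xor(key, nonce, data):
    """Stand-in for AES-CTR (assumption): XOR data with a counter-mode keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = key + nonce + counter.to_bytes(8, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: the HMAC tag covers both the nonce and the ciphertext."""
    ct = ctr_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(enc_key, mac_key, blob):
    """Verify the tag in constant time before any decryption takes place."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return ctr_xor(enc_key, nonce, ct)

def flip_bit(data, index):
    out = bytearray(data)
    out[index] ^= 1  # change the lowest bit of one byte
    return bytes(out)

def demo():
    # Constructed keys, nonce and message; a real nonce must be unique per message.
    enc_key, mac_key, nonce = bytes(range(32)), bytes(range(32, 64)), bytes(NONCE_LEN)
    msg = b"CHECKPOINT 7"
    ct = ctr_xor(enc_key, nonce, msg)
    # No tag: the altered ciphertext decrypts without error to different text.
    silent = ctr_xor(enc_key, nonce, flip_bit(ct, len(ct) - 1))
    blob = seal(enc_key, mac_key, nonce, msg)
    try:
        open_sealed(enc_key, mac_key, flip_bit(blob, NONCE_LEN + len(msg) - 1))
        rejected = False
    except ValueError:
        rejected = True
    return silent, open_sealed(enc_key, mac_key, blob), rejected
```

`demo()` returns the silently altered plaintext, the correctly opened message, and whether the tampered envelope was rejected. An AEAD mode such as AES-GCM gives the same guarantee in a single primitive.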

Key dates

02 Disclosure timeline

September 26, 2024 CVE published
October 17, 2024 Record updated