CVE-2024-43814 MEDIUM

CVE-2024-43814: goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data

Vendor: goTenna
Product: Pro ATAK Plugin
Weakness: CWE-201
Published: September 26, 2024
Last update: October 17, 2024

CVSS base score

4.3/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

By default, the goTenna Pro ATAK Plugin shares Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and a goTenna is connected. Users who are unaware of their settings and have not activated encryption before a mission may accidentally broadcast their location unencrypted. Verify that the PLI settings are at the desired rate and activate encryption before a mission. Update to the latest Plugin to disable this default setting.

Key dates

02 Disclosure timeline

September 26, 2024: CVE published
October 17, 2024: Record updated