CVE-2024-9310 MEDIUM

CVE-2024-9310: Traffic Alert and Collision Avoidance System (TCAS) II has a Reliance on Untrusted Inputs in a Security Decision vulnerability

Vendor Traffic Alert And Collision Avoidance System (Tcas) Ii
Product Collision Avoidance Systems
Weakness CWE-807
Published January 22, 2025
Last update February 12, 2025

CVSS base score

6.0/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs).

Key dates

02Disclosure timeline

January 22, 2025 CVE published
February 12, 2025 Record updated