Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-43108

The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is advised to continue to use encryption in the plugin and update to the current release for enhanced encryption protocols.

Published

2024-09-26T18:15:06.713

Last Modified

2024-10-17T17:15:11.883

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-353
Type: Primary
CWE-345

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gotenna	gotenna	< 2.0.7	Yes

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 Third Party Advisory, US Government Resource ([email protected])