In the goTenna Pro ATAK Plugin application, the encryption keys are
stored along with a static IV on the device. This allows for complete
decryption of keys stored on the device. This allows an attacker to
decrypt all encrypted broadcast communications based on broadcast keys
stored on the device.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 | Third Party Advisory US Government Resource |
Configurations
History
07 Oct 2024, 19:40
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gotenna
Gotenna atak Plugin |
|
CPE | cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:* | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
30 Sep 2024, 12:46
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
26 Sep 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-26 18:15
Updated : 2024-10-07 19:40
NVD link : CVE-2024-43694
Mitre link : CVE-2024-43694
CVE.ORG link : CVE-2024-43694
JSON object : View
Products Affected
gotenna
- atak_plugin
CWE
CWE-922
Insecure Storage of Sensitive Information