CVE-2024-43694

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*

History

07 Oct 2024, 19:40

Type Values Removed Values Added
First Time Gotenna
Gotenna atak Plugin
CPE cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.5

30 Sep 2024, 12:46

Type Values Removed Values Added
Summary
  • (es) En la aplicación del complemento ATAK de goTenna Pro, las claves de cifrado se almacenan junto con un IV estático en el dispositivo. Esto permite el descifrado completo de las claves almacenadas en el dispositivo. Esto permite que un atacante descifre todas las comunicaciones de transmisión cifradas en función de las claves de transmisión almacenadas en el dispositivo.

26 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 18:15

Updated : 2024-10-07 19:40


NVD link : CVE-2024-43694

Mitre link : CVE-2024-43694

CVE.ORG link : CVE-2024-43694


JSON object : View

Products Affected

gotenna

  • atak_plugin
CWE
CWE-922

Insecure Storage of Sensitive Information