CVE-2024-43694 — MEDIUM (4.3)

Q: How severe is CVE-2024-43694?

CVE-2024-43694 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-43694?

Check the references section above for vendor advisories and patch information. Affected products include: Gotenna Atak Plugin.

Vulnerability Description

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gotenna	Atak Plugin	< 2.0.7

Related Weaknesses (CWE)

CWE-922

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2024-43694?

CVE-2024-43694 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an atta...

How severe is CVE-2024-43694?

CVE-2024-43694 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-43694?

Check the references section above for vendor advisories and patch information. Affected products include: Gotenna Atak Plugin.