CVE-2024-41715: goTenna Pro ATAK Plugin Observable Response Discrepancy
First published: Thu Sep 26 2024(Updated: )
The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| goTenna ATAK Plugin | <2.0.7 |
Remedy
goTenna recommends that users mitigate these vulnerabilities by performing the following updates: * ATAK Plugin: v2.0.7 or greater
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-41715?
CVE-2024-41715 is classified as a medium severity vulnerability due to its potential impact on the confidentiality of transmitted data.
How do I fix CVE-2024-41715?
To fix CVE-2024-41715, update the goTenna Pro ATAK Plugin to version 2.0.7 or later.
What does CVE-2024-41715 exploit?
CVE-2024-41715 exploits the lack of message length obfuscation in the goTenna Pro ATAK Plugin.
Who is affected by CVE-2024-41715?
CVE-2024-41715 affects users of the goTenna Pro ATAK Plugin versions prior to 2.0.7.
What are the potential consequences of CVE-2024-41715?
The potential consequences of CVE-2024-41715 include the exposure of message payload lengths, which could lead to information leakage.
- agent/title
- agent/remedy
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gotenna
- canonical/gotenna atak plugin