What is the severity of CVE-2024-43694?

CVE-2024-43694 is considered a critical vulnerability due to the potential for complete decryption of sensitive communication keys.

How do I fix CVE-2024-43694?

To mitigate CVE-2024-43694, upgrade the goTenna Pro ATAK Plugin to version 2.0.7 or later, where this vulnerability is addressed.

What systems are affected by CVE-2024-43694?

CVE-2024-43694 affects the goTenna Pro ATAK Plugin application versions prior to 2.0.7.

Is CVE-2024-43694 specific to certain devices?

CVE-2024-43694 is specific to devices running the goTenna Pro ATAK Plugin prior to version 2.0.7.

Vulnerability/
CVE-2024-43694

medium

6.5

CWE

922

26/9/2024

7/10/2024

CVE-2024-43694: goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information

Q: What kind of attack can be performed using CVE-2024-43694?

An attacker could exploit CVE-2024-43694 to decrypt all encrypted broadcast communications by accessing the stored encryption keys.

First published: Thu Sep 26 2024(Updated: )

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
goTenna ATAK Plugin	<2.0.7

Remedy

goTenna recommends that users mitigate these vulnerabilities by performing the following updates: * ATAK Plugin: v2.0.7 or greater

Never miss a vulnerability like this again

Reference Links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05

Frequently Asked Questions

What is the severity of CVE-2024-43694?
CVE-2024-43694 is considered a critical vulnerability due to the potential for complete decryption of sensitive communication keys.
How do I fix CVE-2024-43694?
To mitigate CVE-2024-43694, upgrade the goTenna Pro ATAK Plugin to version 2.0.7 or later, where this vulnerability is addressed.
What systems are affected by CVE-2024-43694?
CVE-2024-43694 affects the goTenna Pro ATAK Plugin application versions prior to 2.0.7.
What kind of attack can be performed using CVE-2024-43694?
An attacker could exploit CVE-2024-43694 to decrypt all encrypted broadcast communications by accessing the stored encryption keys.
Is CVE-2024-43694 specific to certain devices?
CVE-2024-43694 is specific to devices running the goTenna Pro ATAK Plugin prior to version 2.0.7.

agent/weakness
agent/remedy
agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gotenna
canonical/gotenna atak plugin

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.