CVE-2024-41715

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 26, 2024
Updated: Sep 30, 2024
CWE ID 204

Summary

CVE-2024-41715 identifies a vulnerability in the goTenna Pro ATAK Plugin, which involves a payload length issue that allows attackers to determine the length of the payload regardless of encryption. Affected products include various models designated as y-MdLt, y-LgJT, y-MdLs, among others. The vulnerability has a medium severity rating with a CVSS score of 4.3 and can be exploited without requiring user interaction or special privileges, using an adjacent network attack vector. While the confidentiality impact is classified as low, this vulnerability poses potential risks for organizations by exposing sensitive information about data transmission. Remediation steps have not been specified in the provided details; however, organizations are advised to monitor updates from relevant security advisories for guidance on mitigation strategies.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share