CVE-2024-43108

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 26, 2024
Updated: Sep 30, 2024
CWE ID 353

Summary

CVE-2024-43108 identifies a vulnerability in the goTenna Pro ATAK Plugin, which uses AES in CTR mode to encrypt short messages without any additional integrity check, so an attacker with access to the communication can manipulate them. Affected products include various models like y-MdLt, y-MdLs, and y-LgJT, among others. The potential danger lies in the high integrity impact: an attacker can alter messages without detection even though confidentiality is maintained. To remediate this vulnerability, organizations should implement stronger integrity verification mechanisms for message transmission. The exploitability score is rated at 1.6, with a medium severity level according to ICS-CERT, highlighting the need for prompt attention to mitigate risks associated with adjacent network attacks.
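The following is an added example, not code from the advisory or from the goTenna plugin: it shows why CTR mode alone cannot detect a modified ciphertext, while an authenticated mode rejects it. AES-GCM is used here as one possible integrity mechanism (an assumption, not the vendor's stated fix), and the key, message and function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed demo key; a real deployment uses a randomly generated secret key.
var block, _ = aes.NewCipher(bytes.Repeat([]byte{0x11}, 32))
var aead, _ = cipher.NewGCM(block)

// Nonce returns n random bytes; a (key, nonce) pair must never be reused.
func Nonce(n int) []byte {
	b := make([]byte, n)
	rand.Read(b)
	return b
}

// CTR encrypts or decrypts (same operation). It has no tag to verify, so it
// cannot report that the ciphertext was modified.
func CTR(iv, in []byte) []byte {
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// SealGCM encrypts msg and appends a 16-byte authentication tag.
func SealGCM(nonce, msg []byte) []byte { return aead.Seal(nil, nonce, msg, nil) }

// OpenGCM verifies the tag first and returns an error if any byte was changed.
func OpenGCM(nonce, ct []byte) ([]byte, error) { return aead.Open(nil, nonce, ct, nil) }

// Corrupt returns a copy of a non-empty ct with one bit of its last byte flipped.
func Corrupt(ct []byte) []byte {
	c := append([]byte(nil), ct...)
	c[len(c)-1] ^= 1
	return c
}

func main() {
	msg := []byte("constructed sample message")
	iv, nonce := Nonce(aes.BlockSize), Nonce(aead.NonceSize())
	_, err := OpenGCM(nonce, Corrupt(SealGCM(nonce, msg)))
	fmt.Printf("CTR: %q, no error raised\n", CTR(iv, Corrupt(CTR(iv, msg))))
	fmt.Println("GCM:", err)
}
```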
