CVE-2024-43814

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 26, 2024
Updated: Sep 30, 2024
CWE ID 201

Summary

CVE-2024-43814 identifies a vulnerability in the goTenna Pro ATAK Plugin, which transmits unencrypted Position, Location, and Information (PLI) data without user consent. This affects multiple products, including models y-MdLt, y-LgJT, and y-KL7T. The vulnerability poses a medium severity risk with a potential confidentiality impact categorized as low, allowing attackers on adjacent networks to access sensitive location information. To remediate this issue, users should disable frequent PLI transmission or implement encryption methods for data communication. The lack of required privileges or user interaction for exploitation further heightens the risk for organizations using these affected products.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share