CVE-2024-45374

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 26, 2024
Updated: Sep 30, 2024
CWE ID 521

Summary

CVE-2024-45374 identifies a vulnerability in the goTenna Pro ATAK Plugin application, where encryption keys are stored alongside a static Initialization Vector (IV) on the device, allowing attackers to decrypt all encrypted broadcast communications. Affected products include multiple models such as y-MdLt, y-LgJT, and others in the goTenna Pro series. The vulnerability poses a high confidentiality impact, with an exploitability score of 1.6 and a base severity rating of medium. To remediate this issue, organizations should ensure that encryption keys are managed securely and not stored in an easily accessible manner alongside static IVs. Failure to address this vulnerability could lead to unauthorized access to sensitive communications within an organization’s network.
