CVE-2024-45723
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-45723 identifies a vulnerability in the goTenna Pro ATAK Plugin, which inadequately generates cryptographic keys by not utilizing SecureRandom, posing a significant risk to confidentiality. Affected products include various models such as y-MdLt, y-KL7Q, and y-LgJT. The vulnerability has a medium severity rating (base score of 6.5) and can be exploited without requiring user interaction or special privileges, primarily through adjacent network attacks. To mitigate this risk, organizations should update their systems to utilize a more secure random number generator for cryptographic key generation. If left unaddressed, this vulnerability could lead to unauthorized access to sensitive information due to its high confidentiality impact.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.