CVE-2024-45838
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-45838 identifies a vulnerability in the goTenna Pro ATAK Plugin, which fails to encrypt user callsigns, potentially exposing sensitive user information and enabling further exploitation. The affected products include various models such as y-MdLt, y-LgJT, and several others within the goTenna Pro line. Organizations using these products face a medium risk due to the low confidentiality impact and the possibility of adjacent network attacks without requiring user interaction or elevated privileges. To remediate this issue, it is essential for users to implement encryption protocols for callsigns and monitor updates from goTenna. For further details, reference can be made to advisories from CISA regarding this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.