CVE-2024-47124
Cleartext Transmission of Sensitive Information in goTenna Pro
Severity Score
2.3
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.
The goTenna Pro App does not encrypt callsigns in messages. It is
recommended to not use sensitive information in callsigns when using
this and previous versions of the app and update your app to the current
app version which uses AES-256 encryption for callsigns in encrypted
operation.
*Credits:
Erwin Karincic, Clayton Smith, and Dale Wooden reported this these vulnerabilities to CISA.
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-09-18 CVE Reserved
- 2024-09-26 CVE Published
- 2024-10-08 EPSS Updated
- 2024-10-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 | Government Resource |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|