Vulnerabilities > CVE-2024-41715 - Information Exposure Through Discrepancy vulnerability in Gotenna Atak Plugin

CVSS 4.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

low complexity

gotenna

CWE-203

NVD

Published: 2024-09-26

Updated: 2024-10-17

Summary

The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.

Vulnerable Configurations

Part	Description	Count
Application	Gotenna Gotenna Atak Plugin *	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05