Vulnerabilities > CVE-2024-43694 - Insecure Storage of Sensitive Information vulnerability in Gotenna Atak Plugin

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

gotenna

CWE-922

NVD

Published: 2024-09-26

Updated: 2024-10-07

Summary

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.

Vulnerable Configurations

Part	Description	Count
Application	Gotenna Gotenna Atak Plugin *	1

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05