Vulnerabilities > CVE-2024-43814 - Unspecified vulnerability in Gotenna

CVSS 4.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

low complexity

gotenna

NVD

Published: 2024-09-26

Updated: 2024-10-17

Summary

The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally broadcast their location unencrypted. It is advised to verify PLI settings are the desired rate and activate encryption prior to mission. Update to the latest Plugin to disable this default setting.

Vulnerable Configurations

Part	Description	Count
Application	Gotenna Gotenna Gotenna *	1

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05