SB2024093086 - Multiple vulnerabilities in goTenna Pro App

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024093086

SB2024093086 - Multiple vulnerabilities in goTenna Pro App

Published: September 30, 2024

Security Bulletin ID SB2024093086
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 vulnerabilities.


1) Weak password requirements (CVE-ID: CVE-2024-47121)

CWE-ID: CWE-521 - Weak Password Requirements

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to weak password requirements for the QR broadcast message. A remote attacker on the local network can decrypt the QR broadcast message and use it to decrypt all future and past messages sent via encrypted broadcast.


2) Insecure Storage of Sensitive Information (CVE-ID: CVE-2024-47122)

CWE-ID: CWE-922 - Insecure Storage of Sensitive Information

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to the encryption keys are stored along with a static IV on the device. An attacker with physical access can decrypt all encrypted communications that include P2P, Group, and broadcast messages that use these keys.


3) Missing support for integrity check (CVE-ID: CVE-2024-47123)

CWE-ID: CWE-353 - Missing Support for Integrity Check

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected application uses AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. A remote attacker on the local network can access the messages and cause them to be malleable.


4) Cleartext transmission of sensitive information (CVE-ID: CVE-2024-47124)

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the affected pplication does not encrypt the callsigns of its users. A remote attacker with ability to intercept network traffic can reveal information about the users.


5) Improper restriction of communication channel to intended endpoints (CVE-ID: CVE-2024-47125)

CWE-ID: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected application does not authenticate public keys. A remote attacker on the local network can intercept and manipulate messages.


6) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2024-47126)

CWE-ID: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected application does not use SecureRandom when generating its cryptographic keys. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.


7) Observable Response Discrepancy (CVE-ID: CVE-2024-47129)

CWE-ID: CWE-204 - Observable Response Discrepancy

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the observable response discrepancy issue. A remote attacker on the local network can tell the length of the payload regardless of the encryption used.


8) Missing Authentication for Critical Function (CVE-ID: CVE-2024-47130)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing authentication for critical function. A remote attacker on the local network can update the local public keys used for P2P and Group messages.


9) Insertion of Sensitive Information Into Sent Data (CVE-ID: CVE-2024-47128)

CWE-ID: CWE-201 - Insertion of Sensitive Information Into Sent Data

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the broadcast key name is always sent unencrypted and can reveal the location of operation. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.


10) Improper Authentication (CVE-ID: CVE-2024-47127)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to a weak authentication mechanism. A remote attacker on the local network can inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh networks.


Remediation

Install update from vendor's website.

References