Multiple vulnerabilities in goTenna ATAK Plugin



Published: 2024-10-01
Risk Low
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2024-45374
CVE-2024-43694
CVE-2024-43108
CVE-2024-45838
CVE-2024-45723
CVE-2024-41722
CVE-2024-41931
CVE-2024-41715
CVE-2024-43814
CWE-ID CWE-521
CWE-922
CWE-353
CWE-319
CWE-338
CWE-287
CWE-201
CWE-204
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
ATAK Plugin
Web applications / Modules and components for CMS

Vendor goTenna

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Weak password requirements

EUVDB-ID: #VU97905

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45374

CWE-ID: CWE-521 - Weak Password Requirements

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to weak password requirements for the QR broadcast message. A remote attacker on the local network can decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ATAK Plugin: 1.9.12

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insecure Storage of Sensitive Information

EUVDB-ID: #VU97906

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43694

CWE-ID: CWE-922 - Insecure Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to the encryption keys are stored along with a static IV on the device. An authenticated attacker with physical access can decrypt all encrypted broadcast communications based on broadcast keys stored on the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ATAK Plugin: 1.9.12

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Missing support for integrity check

EUVDB-ID: #VU97907

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43108

CWE-ID: CWE-353 - Missing Support for Integrity Check

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected application uses AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. A remote attacker on the local network can access the messages and cause them to be malleable.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ATAK Plugin: 1.9.12

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cleartext transmission of sensitive information

EUVDB-ID: #VU97908

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45838

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the affected pplication does not encrypt the callsigns of its users. A remote attacker with ability to intercept network traffic can reveal information about the users.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ATAK Plugin: 1.9.12

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

EUVDB-ID: #VU97909

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45723

CWE-ID: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected application does not use SecureRandom when generating its cryptographic keys. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ATAK Plugin: 1.9.12

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Authentication

EUVDB-ID: #VU97910

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41722

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to a weak authentication mechanism. A remote attacker on the local network can inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh networks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ATAK Plugin: 1.9.12

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Insertion of Sensitive Information Into Sent Data

EUVDB-ID: #VU97912

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41931

CWE-ID: CWE-201 - Insertion of Sensitive Information Into Sent Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the broadcast key name is always sent unencrypted and can reveal the location of operation. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ATAK Plugin: 1.9.12

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Observable Response Discrepancy

EUVDB-ID: #VU97914

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41715

CWE-ID: CWE-204 - Observable Response Discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the observable response discrepancy issue. A remote attacker on the local network can tell the length of the payload regardless of the encryption used.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ATAK Plugin: 1.9.12

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Insertion of Sensitive Information Into Sent Data

EUVDB-ID: #VU97915

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43814

CWE-ID: CWE-201 - Insertion of Sensitive Information Into Sent Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected plugin by default enables frequent unencrypted Position, Location and Information (PLI) transmission. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ATAK Plugin: 1.9.12

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###