#VU97906 Insecure Storage of Sensitive Information in ATAK Plugin - CVE-2024-43694

 


Published: October 1, 2024


Vulnerability identifier: #VU97906
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-43694
CWE-ID: CWE-922
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: ATAK Plugin
Software vendor: goTenna

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists because encryption keys are stored on the device along with a static IV. An authenticated attacker with physical access can decrypt all encrypted broadcast communications using the broadcast keys stored on the device.


Remediation

Install updates from the vendor's website.
