CVE-2024-43694

In the goTenna Pro ATAK Plugin application, the encryption keys are 
stored along with a static IV on the device. This allows for complete 
decryption of keys stored on the device. This allows an attacker to 
decrypt all encrypted broadcast communications based on broadcast keys 
stored on the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
icscertCNA
4.3 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
gotennaatak_plugin
𝑥
< 2.0.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05