CVE-2024-45374

The goTenna Pro ATAK plugin uses a weak password for sharing encryption 
keys via the key broadcast method. If the broadcasted encryption key is 
captured over RF, and password is cracked via brute force attack, it is 
possible to decrypt it and use it to decrypt all future and past 
messages sent via encrypted broadcast with that particular key. This 
only applies when the key is broadcasted over RF. This is an optional 
feature, so it is advised to use local QR encryption key sharing for 
additional security on this and previous versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
icscertCNA
5.3 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
gotennagotenna
𝑥
< 2.0.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05