MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2024-47123

CVSS 6.0v4.0pub. 2024-09-26upd. 2024-11-21

The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is recommended to continue to use encryption in the app and update to the current release for more secure operations.

CVSS Vector
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Gotenna Pro

    APP
    Gotenna
    ≀ 1.6.1< 2.0.3
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-47130HIGH8.7ten sam produkt

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P an...

CVE-2024-47125HIGH7.6ten sam produkt

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate ...

CVE-2024-47126HIGH7.1ten sam produkt

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The r...

CVE-2024-47129MEDIUM5.3ten sam produkt

The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messa...

CVE-2024-47121MEDIUM6.0ten sam produkt

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the bro...

CVE-2024-47123 β€” Gotenna β€” Gotenna Pro β€” MEDIUM β€” CVSS 6.0 | CVEbaza.pl