CVE-2024-47121

Опубликовано: 26 сент. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*

Версия до 2.0.3 (исключая)

cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*

Версия до 2.0.3 (исключая)

EPSS

Процентиль: 23%

0.00075

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-521

Связанные уязвимости

GHSA-xcqq-5vvm-q9m2

CVSS3: 6.5

github

больше 1 года назад

The goTenna Pro series uses a weak password for the QR broadcast message. If the QR broadcast message is captured over RF it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast.