CVE-2024-45838

MEDIUM

Gotenna < 2.0.7 - Cleartext Transmission

Title source: rule

Description

The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 9.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

gotenna/gotenna < 2.0.7

Published Sep 26, 2024

Tracked Since Feb 18, 2026