CVE-2024-47123

The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is recommended to continue to use encryption in the app and update to the current release for more secure operations.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*

History

17 Oct 2024, 18:15

Type Values Removed Values Added
Summary (en) The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message. (en) The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is recommended to continue to use encryption in the app and update to the current release for more secure operations.

07 Oct 2024, 18:03

Type Values Removed Values Added
CPE cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*

07 Oct 2024, 16:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 0.0
v2 : unknown
v3 : 3.1
CWE CWE-345
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 - Third Party Advisory, US Government Resource
First Time Gotenna
Gotenna gotenna Pro
CPE cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:*

30 Sep 2024, 12:46

Type Values Removed Values Added
Summary
  • (es) La serie goTenna Pro utiliza el modo AES CTR para mensajes breves y cifrados sin ningún mecanismo de comprobación de integridad adicional. Esto permite que los mensajes sean manipulables para cualquier atacante que pueda acceder a ellos.

26 Sep 2024, 19:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 0.0

26 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 18:15

Updated : 2024-10-17 18:15


NVD link : CVE-2024-47123

Mitre link : CVE-2024-47123

CVE.ORG link : CVE-2024-47123


JSON object : View

Products Affected

gotenna

  • gotenna_pro
CWE
CWE-345

Insufficient Verification of Data Authenticity

CWE-353

Missing Support for Integrity Check