The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is recommended to continue to use encryption in the app and update to the current release for more secure operations.
History

Thu, 17 Oct 2024 17:30:00 +0000

Type Values Removed Values Added
Description The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message. The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is recommended to continue to use encryption in the app and update to the current release for more secure operations.
Metrics cvssV3_1

{'score': 0, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N'}


Mon, 07 Oct 2024 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*
cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*

Mon, 07 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Gotenna
Gotenna gotenna Pro
Weaknesses CWE-345
CPEs cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:*
Vendors & Products Gotenna
Gotenna gotenna Pro

Thu, 26 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 0, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
Description The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.
Title Missing Support for Integrity Check in goTenna Pro
Weaknesses CWE-353
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-09-26T17:20:26.885Z

Updated: 2024-11-21T16:57:33.110Z

Reserved: 2024-09-18T21:32:27.324Z

Link: CVE-2024-47123

cve-icon Vulnrichment

Updated: 2024-09-26T18:34:04.472Z

cve-icon NVD

Status : Modified

Published: 2024-09-26T18:15:09.193

Modified: 2024-11-21T17:15:16.473

Link: CVE-2024-47123

cve-icon Redhat

No data.