goTenna Pro Series up to 1.6.1 Callsign cleartext transmission
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.7 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in goTenna Pro Series up to 1.6.1. Impacted is an unknown function of the component Callsign Handler. The manipulation results in cleartext transmission. This vulnerability is known as CVE-2024-47124. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.
Details
A vulnerability classified as problematic was found in goTenna Pro Series up to 1.6.1. Affected is an unknown functionality of the component Callsign Handler. Manipulation with an unknown input leads to a cleartext transmission vulnerability, which CWE classifies as CWE-319: the product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. This affects confidentiality. The CVE summary reads:
The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.
The advisory is available at cisa.gov. This vulnerability is identified as CVE-2024-47124. Exploitation is rated as difficult, can only be carried out from within the local network, and does not require any form of authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK classifies the attack technique as T1040.
Upgrading eliminates this vulnerability.
CVSSv3
VulDB Meta Base Score: 4.8
VulDB Meta Temp Score: 4.7
VulDB Base Score: 3.1
VulDB Temp Score: 3.0
NVD Base Score: 6.5
Exploiting
Class: Cleartext transmission
CWE: CWE-319 / CWE-310
Physical: No
Local: No
Remote: Partially
Status: Not defined
Countermeasures
Recommended: Upgrade
Timeline
09/26/2024
09/26/2024
10/07/2024
Sources
Advisory: icsa-24-270-04
Status: Confirmed
CVE: CVE-2024-47124
GCVE (CVE): GCVE-0-2024-47124
GCVE (VulDB): GCVE-100-278580
Entry
Created: 09/26/2024 18:16
Updated: 10/07/2024 18:39
Changes: 09/26/2024 18:16 (52), 10/01/2024 03:13 (2), 10/07/2024 18:39 (11)