CVE-2024-45374

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The goTenna Pro ATAK plugin uses a weak password for sharing encryption \nkeys via the key broadcast method. If the broadcasted encryption key is \ncaptured over RF, and password is cracked via brute force attack, it is \npossible to decrypt it and use it to decrypt all future and past \nmessages sent via encrypted broadcast with that particular key. This \nonly applies when the key is broadcasted over RF. This is an optional \nfeature, so it is advised to use local QR encryption key sharing for \nadditional security on this and previous versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-922"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-45374", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2024-09-26T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.7"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-10-17T17:15Z"}