CVE-2024-47125

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The goTenna Pro App does not authenticate public keys which allows an \nunauthenticated attacker to manipulate messages. It is advised to update\n your app to the current release for enhanced encryption protocols."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-47125", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}}, "publishedDate": "2024-09-26T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.6.1"}, {"cpe23Uri": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-10-17T18:15Z"}