CVE-2024-47129

Published Sep 26, 2024

Last updated a month ago

Overview

Description
The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.
Source
ics-cert@hq.dhs.gov
NVD status
Modified

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-203
ics-cert@hq.dhs.gov
CWE-204

Social media

Hype score
Not currently trending

Configurations