the local public keys used for P2P and group messages. It is advised to
update your app to the current release for enhanced encryption
protocols.
Metrics
Affected Vendors & Products
Solution
goTenna recommends that users mitigate these vulnerabilities by performing the following updates: * Android Pro: v2.0.3 or greater * iOS Pro: v2.0.3 or greater
Workaround
goTenna recommends that users follow these mitigations: General Mitigations for All Users/Clients * Use Discreet Callsigns and Key Names: Choose callsigns and key names that do not disclose sensitive information, such as your location, team size, or team name. Avoid using any identifiers that could inadvertently reveal your location or the composition of your team. * Secure End-User Devices: Implement strong security measures on all end-user devices, including the use of encryption and ensuring regular software updates. * Follow Key Rotation Best Practices: Regularly rotate encryption keys according to industry best practices to maintain ongoing security. Pro-Specific Mitigations * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys. * Secure Broadcasting: When broadcasting, ensure you are in a secured area and transmit the key at a reduced power of 0.5 Watts to limit exposure. * Leverage Layered Encryption: Implement layered encryption keys to securely manage communications, whether interacting with individuals or teams. If you have any questions please contact prosupport@gotenna.com. goTenna recommends users follow their secure operating best practices https://support.gotennapro.com/s/article/Secure-Operating
Thu, 17 Oct 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys used for P2P and Group messages. | The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols. |
Metrics |
cvssV3_1
|
cvssV3_1
|
Mon, 07 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:* cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:* |
Fri, 04 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gotenna gotenna Pro
|
|
CPEs | cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gotenna gotenna Pro
|
|
Metrics |
cvssV3_1
|
Thu, 26 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gotenna
Gotenna pro App |
|
CPEs | cpe:2.3:a:gotenna:pro_app:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gotenna
Gotenna pro App |
|
Metrics |
ssvc
|
Thu, 26 Sep 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys used for P2P and Group messages. | |
Title | Missing Authentication for Critical Function in goTenna Pro | |
Weaknesses | CWE-306 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2024-10-17T17:42:43.163Z
Reserved: 2024-09-18T21:32:27.325Z
Link: CVE-2024-47130

Updated: 2024-09-26T18:13:26.531Z

Status : Modified
Published: 2024-09-26T18:15:10.040
Modified: 2024-10-17T18:15:07.130
Link: CVE-2024-47130

No data.

No data.