CVE-2024-41722 – The goTenna Pro ATAK Plugin vulnerability allow... (How to Fix)

Q: What is the severity of CVE-2024-41722?

CVE-2024-41722 has a CVSS score of 6.5 (MEDIUM). The goTenna Pro ATAK Plugin vulnerability allows attackers to inject forged messages with arbitrary group IDs and callsigns into goTenna mesh networks using software-defined radio. This affects users of goTenna Pro devices in ATAK environments, particularly when operating without encryption or with compromised cryptography.

📋 TL;DR

The goTenna Pro ATAK Plugin vulnerability allows attackers to inject forged messages with arbitrary group IDs and callsigns into goTenna mesh networks using software-defined radio. This affects users of goTenna Pro devices in ATAK environments, particularly when operating without encryption or with compromised cryptography.

💻 Affected Systems

Products:

goTenna Pro ATAK Plugin

Versions: All versions prior to patched release

Operating Systems: Android (ATAK platform)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires physical access to mesh network range and either unencrypted operation or compromised encryption keys.

📦 What is this software?

Gotenna by Gotenna

View all CVEs affecting Gotenna →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of tactical communications with forged orders, false location data, or malicious commands leading to operational failure or physical harm.

🟠

Likely Case

Disruption of legitimate communications, injection of false information, and potential confusion among tactical teams.

🟢

If Mitigated

Limited impact if strong encryption with QR code authentication is properly implemented and maintained.

🌐 Internet-Facing: LOW (requires physical proximity to mesh network)

🏢 Internal Only: HIGH (exploitable within operational mesh networks)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires software-defined radio equipment and proximity to target mesh network. No authentication needed for message injection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05

Restart Required: Yes

Instructions:

1. Update goTenna Pro ATAK Plugin to latest version
2. Ensure encryption is enabled with QR code authentication
3. Restart ATAK application

🔧 Temporary Workarounds

Enable Strong Encryption

all

Always use encryption with QR code authentication for all operations

Network Segmentation

all

Physically separate critical mesh networks from general use networks

🧯 If You Can't Patch

Always operate with encryption and QR code authentication enabled
Implement physical security measures to prevent unauthorized radio access to operational areas

🔍 How to Verify

Check if Vulnerable:

Check goTenna Pro ATAK Plugin version against vendor advisory

Check Version:

Check within ATAK app settings or device application manager

Verify Fix Applied:

Confirm plugin is updated to patched version and encryption with QR code is active

📡 Detection & Monitoring

Log Indicators:

Unexpected GID/callsign combinations
Messages from unknown sources
Encryption status changes

Network Indicators:

Radio frequency anomalies in operational bands
Unexpected message injection patterns

SIEM Query:

Not applicable for tactical radio networks

📊 Metadata

CVE ID: CVE-2024-41722

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-1390

Published: September 26, 2024

Last Updated: October 17, 2024

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-41722, you might also want to check these: