CVE-2024-43814

4.3 MEDIUM

📋 TL;DR

The goTenna Pro ATAK Plugin's default settings broadcast user location data every 60 seconds without encryption when the plugin is active. This vulnerability allows unauthorized parties to track users' real-time positions. Affected users are military personnel, emergency responders, and others using goTenna Pro with ATAK in operational environments.

💻 Affected Systems

Products:
  • goTenna Pro ATAK Plugin
Versions: All versions before the fix
Operating Systems: Android (ATAK platform)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability only manifests when plugin is active and goTenna device is connected. Requires physical proximity for RF interception.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Adversaries intercept unencrypted location data to track and target personnel in combat or emergency situations, potentially leading to physical harm or mission compromise.

🟠 Likely Case

Unauthorized surveillance of personnel movements, revealing operational patterns and compromising mission security.

🟢 If Mitigated

Minimal risk when encryption is properly enabled and position location information (PLI) settings are configured appropriately.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires RF monitoring equipment within range of goTenna transmissions. No authentication needed to intercept broadcasts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest plugin version (specific version not specified in advisory)

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05

Restart Required: Yes

Instructions:

1. Update goTenna Pro ATAK Plugin to latest version
2. Restart ATAK application
3. Verify encryption is enabled before missions

🔧 Temporary Workarounds

Manual Encryption Enablement

all

Manually enable encryption in plugin settings before starting any mission

No CLI commands - GUI configuration only

PLI Broadcast Disablement

all

Disable automatic PLI broadcasts or increase broadcast interval

No CLI commands - GUI configuration only

🧯 If You Can't Patch

  • Always enable encryption before activating plugin for missions
  • Configure PLI broadcast to minimum necessary frequency or disable entirely

🔍 How to Verify

Check if Vulnerable:

Check if plugin is using default PLI settings (60-second broadcasts) without encryption enabled

Check Version:

Check within ATAK app: Settings → Plugin Manager → goTenna Pro Plugin

Verify Fix Applied:

Verify plugin version is updated and encryption is active before mission start

📡 Detection & Monitoring

Log Indicators:

  • Unencrypted PLI transmissions in goTenna logs
  • Plugin activation without encryption enablement

Network Indicators:

  • RF monitoring detecting unencrypted position broadcasts on goTenna frequencies

SIEM Query:

Not applicable - primarily RF-based detection rather than network logs
