CVE-2024-45838 – The goTenna Pro ATAK Plugin fails to encrypt ca... (How to Fix)

Q: What is the severity of CVE-2024-45838?

CVE-2024-45838 has a CVSS score of 4.3 (MEDIUM). The goTenna Pro ATAK Plugin fails to encrypt callsigns in messages, potentially exposing sensitive information to unauthorized observers. This affects users of the goTenna Pro ATAK Plugin who transmit sensitive callsign data. Attackers could intercept unencrypted callsigns during transmission.

📋 TL;DR

The goTenna Pro ATAK Plugin fails to encrypt callsigns in messages, potentially exposing sensitive information to unauthorized observers. This affects users of the goTenna Pro ATAK Plugin who transmit sensitive callsign data. Attackers could intercept unencrypted callsigns during transmission.

💻 Affected Systems

Products:

goTenna Pro ATAK Plugin

Versions: All versions prior to the current patched version

Operating Systems: Android (ATAK platform)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in encrypted operation mode where callsigns remain unencrypted despite other message content being encrypted.

📦 What is this software?

Gotenna by Gotenna

View all CVEs affecting Gotenna →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive operational callsigns are intercepted, revealing operator identities, locations, and mission details, potentially leading to physical compromise or operational disruption.

🟠

Likely Case

Unauthorized parties intercept non-sensitive callsigns, gaining limited operational awareness but no critical compromise.

🟢

If Mitigated

With proper controls (avoiding sensitive callsigns), impact is minimal as only non-sensitive identifiers are exposed.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires network access to intercept communications; no authentication bypass needed as callsigns are transmitted in cleartext.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Current plugin version (specific version not specified in advisory)

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05

Restart Required: Yes

Instructions:

1. Update the goTenna Pro ATAK Plugin to the latest version via official channels. 2. Restart the ATAK application to apply changes. 3. Verify callsigns are now encrypted in messages.

🔧 Temporary Workarounds

Avoid Sensitive Callsigns

all

Do not use sensitive or identifying information in callsigns when using vulnerable versions.

🧯 If You Can't Patch

Avoid transmitting any sensitive information in callsigns.
Use alternative secure communication methods for sensitive callsign data.

🔍 How to Verify

Check if Vulnerable:

Check if using goTenna Pro ATAK Plugin version prior to the current patched version; if callsigns appear unencrypted in network captures, system is vulnerable.

Check Version:

Check plugin version within ATAK app settings or consult vendor documentation.

Verify Fix Applied:

Update to latest plugin version and confirm callsigns are encrypted in message transmissions using network analysis tools.

📡 Detection & Monitoring

Log Indicators:

Unusual network interception events or unauthorized access to communications logs.

Network Indicators:

Intercepted unencrypted callsign data in goTenna Pro ATAK Plugin network traffic.

SIEM Query:

Search for network traffic containing unencrypted callsign strings associated with goTenna Pro ATAK Plugin communications.

📊 Metadata

CVE ID: CVE-2024-45838

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-319

Published: September 26, 2024

Last Updated: October 17, 2024

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45838, you might also want to check these: