CVE-2024-41931

Summary

CVE-2024-41931 identifies a vulnerability in the goTenna Pro ATAK Plugin where the broadcast key name is transmitted unencrypted, potentially exposing operational locations. Affected products include various models listed as 'y-MdLt', 'y-MdLs', 'y-LgJT', and others. The vulnerability poses a medium risk with a confidentiality impact rated as low, allowing unauthorized access to sensitive location information through adjacent network exploitation without requiring user interaction or privileges. To remediate this issue, it is advisable for organizations to implement encryption for broadcast key transmissions and update their systems as necessary. The exploitability score stands at 2.8, indicating a relatively low complexity for potential attackers.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.