← back
CVE-2024-47129

Observable Response Discrepancy in goTenna Pro

CVSS 5.3 MEDIUMEPSS 0.1%CWE-204
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
goTenna · Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04