CVE-2024-43108

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-353
View all →

Vulnerability Description

The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is advised to continue to use encryption in the plugin and update to the current release for enhanced encryption protocols.

Related Vulnerabilities

CVE-2021-28546

MEDIUM
CVSS:6.5(Medium)

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker ...

CWE-3532021

CVE-2021-38396

MEDIUM
CVSS:6.8(Medium)

The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthoriz...

CWE-3532021

CVE-2019-10943

HIGH
CVSS:7.5(High)

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Cont...

CWE-3532019

CVE-2020-7807

MEDIUM
CVSS:5.5(Medium)

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing S...

CWE-3532020

CVE-2022-24404

HIGH
CVSS:7.5(High)

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.

CWE-3532022

CVE-2023-32475

HIGH
CVSS:7.6(High)

Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.

CWE-3532023