CVE-2024-45838 goTenna CVE debrief

Who should care

Organizations using goTenna Pro ATAK Plugin for tactical communications, particularly military, emergency response, and critical infrastructure operators where participant anonymity or operational security is required. System administrators managing ATAK deployments and information security officers responsible for communications security in field operations.

Technical summary

The goTenna Pro ATAK Plugin fails to encrypt callsign metadata within otherwise encrypted messages, allowing network observers to identify communication participants even when message content remains confidential. This vulnerability affects plugin versions through 1.9.12. The vendor's remediation in version 2.0.7 implements AES-256 encryption for callsigns during encrypted operations. Interim mitigations include operational security practices for callsign selection and key management procedures.

Defensive priority

medium

Recommended defensive actions

• Update goTenna Pro ATAK Plugin to version 2.0.7 or greater to obtain AES-256 encryption for callsigns in encrypted operation
• Select callsigns and key names that do not disclose sensitive operational information such as location, team size, or team name
• Implement strong security measures on all end-user devices including encryption and regular software updates
• Rotate encryption keys regularly according to industry best practices
• For Pro deployments, utilize QR codes for secure exchange of encryption keys
• When broadcasting encryption keys, ensure transmission occurs in secured areas at reduced power (0.5 Watts)
• Implement layered encryption keys to manage communications securely across individuals and teams
• Contact [email protected] for technical assistance with remediation

Evidence notes

CISA ICS advisory ICSA-24-270-05 (Update A, 2024-10-17) documents this vulnerability with CVSS 3.1 score 4.3 (Medium). The advisory confirms affected versions through 1.9.12 and remediation in version 2.0.7 or greater.

Official resources