CVE-2024-9310 Traffic Alert and Collision Avoidance System (TCAS) II CVE debrief

Who should care

Aviation operators, aircraft maintenance organizations, air traffic management authorities, aviation safety regulators, and aerospace security teams should monitor this vulnerability for potential operational impact and coordinate with CISA on anomaly reporting procedures.

Technical summary

CVE-2024-9310 is a medium-severity vulnerability (CVSS 6.1) in Traffic Alert and Collision Avoidance System (TCAS) II versions 7.1 and earlier. The attack requires adjacent network access and high complexity, utilizing software-defined radios with custom low-latency processing pipelines to inject spoofed RF signals. Successful exploitation can cause fake aircraft to appear on pilot displays and trigger undesired Resolution Advisories. The vulnerability is not remotely exploitable and has no known public exploitation. No mitigation is currently available.

Defensive priority

medium

Recommended defensive actions

• Monitor aircraft TCAS displays for anomalous traffic patterns that may indicate spoofing activity
• Establish and follow internal procedures for reporting suspected malicious activity to CISA
• Review CISA ICS recommended practices for defense-in-depth strategies applicable to aviation systems
• Coordinate with aviation safety authorities regarding TCAS anomaly detection and response procedures
• Maintain awareness of TCAS II standard updates that may address this vulnerability class

Evidence notes

CISA advisory ICSA-25-021-01 confirms the vulnerability affects TCAS II versions 7.1 and earlier. The CVSS 3.1 vector (AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N) indicates adjacent network attack vector, high attack complexity, no privileges required, no user interaction, changed scope, no confidentiality impact, high integrity impact, and no availability impact. CISA explicitly states no known public exploitation has been reported and the vulnerability is not exploitable remotely.

Official resources