What is CVE-2024-47126?

CVE-2024-47126 is a medium-severity vulnerability in Gotenna Pro, classified under Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). CVSS score: 6.5/10. Published 2024-09-26.

How severe is CVE-2024-47126?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2024-47126 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gotenna Pro

CVE-2024-47126

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured…

EPSS: 0.001 (23.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Gotenna Pro — versions 0

Weakness classification (CWE)

CWE-338 — Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 (government-resource)

Frequently asked questions

What is CVE-2024-47126?: CVE-2024-47126 is a medium-severity vulnerability in Gotenna Pro, classified under Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). CVSS score: 6.5/10. Published 2024-09-26.
How severe is CVE-2024-47126?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2024-47126 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.