What is CVE-2024-47129?

CVE-2024-47129 is a medium-severity vulnerability in Gotenna Pro, classified under Observable Response Discrepancy. CVSS score: 4.3/10. Published 2024-09-26.

How severe is CVE-2024-47129?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Is CVE-2024-47129 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gotenna Pro

CVE-2024-47129

The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.

EPSS: 0.001 (22.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Gotenna Pro — versions 0

Weakness classification (CWE)

CWE-204 — Observable Response Discrepancy

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 (government-resource)

Frequently asked questions

What is CVE-2024-47129?: CVE-2024-47129 is a medium-severity vulnerability in Gotenna Pro, classified under Observable Response Discrepancy. CVSS score: 4.3/10. Published 2024-09-26.
How severe is CVE-2024-47129?: Medium severity. CVSS v3 base score is 4.3 out of 10.
Is CVE-2024-47129 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.