ICS-CERT AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.

The goTenna Pro App does not encrypt callsigns in messages. It is 
recommended to not use sensitive information in callsigns when using 
this and previous versions of the app and update your app to the current
 app version which uses AES-256 encryption for callsigns in encrypted 
operation.

OR
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:* versions up to (including) 1.6.1
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:* versions up to (excluding) 2.0.3

OR
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* versions up to (including) 1.6.1

OR
     *cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:* versions up to (including) 1.6.1

NIST AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 No Types Assigned

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 Third Party Advisory, US Government Resource

ICS-CERT CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

ICS-CERT CWE-319

The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.

ICS-CERT https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 [No types assigned]