#VU89694 Cleartext transmission of sensitive information in dectalk-tts - CVE-2024-31206

Cybersecurity Help s.r.o.

Published: 2024-05-21

Vulnerability identifier: #VU89694

Vulnerability risk: High

CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-31206

CWE-ID: CWE-319

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
dectalk-tts
Other software / Other software solutions

Vendor: JstnMcBrd

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

dectalk-tts: 1.0.0

External links
https://github.com/JstnMcBrd/dectalk-tts/security/advisories/GHSA-6cf6-8hvr-r68w
https://github.com/JstnMcBrd/dectalk-tts/issues/3
https://github.com/JstnMcBrd/dectalk-tts/pull/4
https://github.com/JstnMcBrd/dectalk-tts/commit/3600d8ac156f27da553ac4ead46d16989a350105
https://github.com/JstnMcBrd/dectalk-tts/blob/b3e92156cbb699218ac9b9c7d8979abd0e635767/src/index.ts#L18

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Voice Gateway