CVE-2024-11166

Traffic Alert and Collision Avoidance System (TCAS) II has an External Control of System or Configuration Setting vulnerability

Description

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.

Remediation

Workaround:

  • After consulting with the Federal Aviation Administration (FAA) and the researchers regarding these vulnerabilities, it has been concluded that CVE-2024-11166 can be fully mitigated by upgrading to ACAS X or by upgrading the associated transponder to comply with RTCA DO-181F. Currently, there is no mitigation available for CWE-2024-9310. These vulnerabilities in the TCAS II standard are exploitable in a lab environment. However, they require very specific conditions to be met and are unlikely to be exploited outside of a lab setting. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.

Category

7.1
CVSS
Severity: High
CVSS 4.0 •
EPSS 0.02%
Affected: Traffic Alert and Collision Avoidance System (TCAS) II Collision Avoidance Systems
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01 government resource

Frequently Asked Questions

What is the severity of CVE-2024-11166?
CVE-2024-11166 has been scored as a high severity vulnerability.
How to fix CVE-2024-11166?
As a workaround for remediating CVE-2024-11166: After consulting with the Federal Aviation Administration (FAA) and the researchers regarding these vulnerabilities, it has been concluded that CVE-2024-11166 can be fully mitigated by upgrading to ACAS X or by upgrading the associated transponder to comply with RTCA DO-181F. Currently, there is no mitigation available for CWE-2024-9310. These vulnerabilities in the TCAS II standard are exploitable in a lab environment. However, they require very specific conditions to be met and are unlikely to be exploited outside of a lab setting. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.
Is CVE-2024-11166 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-11166 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-11166?
CVE-2024-11166 affects Traffic Alert and Collision Avoidance System (TCAS) II Collision Avoidance Systems.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.