Depends a bit on the MAC. CTR-EtM is technically vulnerable (i.e. cryptographically broken), but due to key stream desynchronization the attack will quickly lead to application errors, defeating the attacker. See Sect. 4.3.3.