CVE-2023-29656

Published: Jul 6, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

Exploitability: 1.3 / Impact: 4.7

Source: NVD

Description

An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions(block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed.

Affected (1)

Products: Darktrace: Threat Visualizer

1 product

Threat Visualizer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Darktrace Threat Visualizer	From 6.0.0 to 6.0.15

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://darktrace.com

Source: cve@mitre.org

Product

https://ramihub.github.io/

Source: cve@mitre.org

ExploitThird Party Advisory

https://darktrace.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://ramihub.github.io/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.