Lucene search

[email protected]CVE-2023-29656

HistoryJul 06, 2023 - 2:15 a.m.

CVE-2023-29656

2023-07-0602:15:09

CWE-863

[email protected]

web.nvd.nist.gov

darktrace

mobile app

android

cve-2023-29656

nvd

vulnerability

improper authorization

antigena

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control “antigena” actions(block/unblock traffic) from the mobile application. This vulnerability could create a “shutdown”, blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed.

Affected configurations

NVD

Node

darktracethreat_visualizerRange6.0.0–6.0.15android

CPENameOperatorVersion
darktrace:threat_visualizerdarktrace threat visualizerlt6.0.15

CPE	Name	Operator	Version
darktrace:threat_visualizer	darktrace threat visualizer	lt	6.0.15

References

darktrace.com

ramihub.github.io/

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2023-29656

nvd1 prion1 cvelist1