exploitDog

CVE-2023-29656

Опубликовано: 06 июл. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions(block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed.

Ссылки

https://darktrace.com
Product
https://ramihub.github.io/
Exploit
Third Party Advisory
https://darktrace.com
Product
https://ramihub.github.io/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:darktrace:threat_visualizer:*:*:*:*:*:android:*:*

Версия от 6.0.0 (включая) до 6.0.15 (исключая)

EPSS

Процентиль: 7%

0.00027

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-83q5-ph4f-qx3w

CVSS3: 6.1

github

больше 2 лет назад

An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions(block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed.

EPSS

Процентиль: 7%

0.00027

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-863