Vulnerability Details : CVE-2023-29656
Potential exploit
An improper authorization vulnerability in the Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions (block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where Darktrace agents are deployed.
Products affected by CVE-2023-29656
- Darktrace » Threat Visualizer » For Android
  Versions from including (>=) 6.0.0 and before (<) 6.0.15
  cpe:2.3:a:darktrace:threat_visualizer:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-29656
0.03%: probability of exploitation activity in the next 30 days
~6%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-29656
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H | 1.3 | 4.7 | NIST | |
CWE ids for CVE-2023-29656
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-29656
- https://ramihub.github.io/
  [Disclosure for CVE-2023-29656] | ramihub.github.io (Exploit; Third Party Advisory)
- https://darktrace.com
  Darktrace | Cyber security that learns you (Product)