Description
An improper authorization vulnerability (CWE-863) was discovered in the Darktrace mobile app for Android in versions prior to 6.0.15. This vulnerability allows disabled and low-privilege users to control "antigena" actions (block/unblock traffic) from the mobile application despite lacking proper authorization. Exploitation could lead to a "shutdown" scenario where all ingress or egress traffic in the entire infrastructure with Darktrace agents deployed could be blocked, potentially causing a severe denial of service across the organization's network.
Overview
The vulnerability exists in the Darktrace mobile application for Android, which provides remote access to Darktrace's network security monitoring and response system. The "antigena" feature is a critical component that allows authorized users to block or allow network traffic in response to security threats. Because the authorization checks are incomplete, the application lets users with disabled accounts or insufficient privileges execute these powerful network control functions. The authorization decision must be enforced on the server side for every antigena request, checking both that the account is still enabled and that it holds a role permitted to perform the action; relying on the client to hide the controls is not a substitute. This creates a significant security risk, since unauthorized individuals could disrupt an organization's entire network infrastructure by blocking critical traffic flows.
Remediation
Organizations using the Darktrace mobile app for Android should:
- Update the Darktrace mobile app to version 6.0.15 or later immediately
- Audit user accounts with mobile access to ensure proper privilege levels
- Review logs for any suspicious "antigena" actions that may have been performed by unauthorized users
- Consider implementing additional network segmentation to limit the impact of potential abuse of the Darktrace agent infrastructure
- Temporarily disable mobile app access for non-essential users until the update can be applied
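The following is an added example and not Darktrace's code or a description of its internals. It shows the two defensive pieces the overview and the remediation list call for: a deny-by-default authorization gate for a privileged "block traffic" action that rejects both disabled accounts and insufficient roles (the CWE-863 class of flaw is a gate that checks only one of these, or neither), and a review routine that scans an audit log for successful antigena actions that such a gate would have refused. The role names, action identifiers, user records and log format are all constructed for the example.

```python
"""Added example (not Darktrace code): a server-side authorization gate for a
privileged antigena-style action, plus an audit-log review that flags actions
performed by accounts that should not have been allowed to perform them.
All user records, roles, action names and log lines are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str          # hypothetical roles: "viewer", "analyst", "admin"
    enabled: bool      # False for a disabled account


# Hypothetical privilege table: which roles may invoke which action.
# Unknown actions are not in the table and are therefore denied.
REQUIRED_ROLES = {
    "antigena.block": {"admin", "analyst"},
    "antigena.unblock": {"admin", "analyst"},
    "view_alerts": {"admin", "analyst", "viewer"},
}


class AuthorizationError(Exception):
    pass


def authorize(user: User, action: str) -> None:
    """Deny-by-default check: the account must be enabled AND hold a role
    permitted for the action. Raises AuthorizationError otherwise.
    A gate that only verifies a valid session (the CWE-863 pattern) would
    let disabled or low-privilege accounts through; this one checks both."""
    if not user.enabled:
        raise AuthorizationError(f"{user.name}: account disabled")
    allowed = REQUIRED_ROLES.get(action)
    if allowed is None or user.role not in allowed:
        raise AuthorizationError(f"{user.name}: role {user.role!r} may not {action}")


def is_allowed(user: User, action: str) -> bool:
    """Boolean wrapper around authorize() for use in log review."""
    try:
        authorize(user, action)
        return True
    except AuthorizationError:
        return False


# Constructed audit log. Format assumed for the example:
#   <iso-time> user=<name> action=<action> result=<ok|denied>
SAMPLE_LOG = """\
2024-01-10T09:00:00Z user=alice action=antigena.block result=ok
2024-01-10T09:05:00Z user=bob action=antigena.block result=ok
2024-01-10T09:07:00Z user=carol action=view_alerts result=ok
2024-01-10T09:10:00Z user=dave action=antigena.unblock result=ok
2024-01-10T09:12:00Z user=carol action=antigena.block result=denied
"""

# Constructed user directory as it stood at review time.
USERS = {
    "alice": User("alice", "admin", True),
    "bob": User("bob", "viewer", True),       # low-privilege account
    "carol": User("carol", "viewer", True),
    "dave": User("dave", "analyst", False),   # disabled account
}


def parse_log_line(line: str) -> dict:
    """Split one constructed log line into a dict of its fields."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"time": ts, **fields}


def find_unauthorized_actions(log_text: str, users: dict) -> list:
    """Return entries for antigena actions that succeeded (result=ok) but
    that the authorize() gate would have refused for that user. Actions by
    accounts missing from the directory are also flagged."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if not entry["action"].startswith("antigena.") or entry["result"] != "ok":
            continue
        user = users.get(entry["user"])
        if user is None or not is_allowed(user, entry["action"]):
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for hit in find_unauthorized_actions(SAMPLE_LOG, USERS):
        print(f"REVIEW: {hit['time']} {hit['user']} performed {hit['action']}")
```

The review routine is deliberately evaluated against the current user directory, so an action performed while an account was still active but later disabled will also be surfaced; when doing a real log review after the update, treat such hits as candidates to confirm against account-change history rather than as proven abuse.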
References
- Darktrace Product Information: https://darktrace.com
- Security Advisory and Exploit Details: https://ramihub.github.io/
Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Accommodation & Food Services
- Administrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry, Fishing & Hunting
- Arts, Entertainment & Recreation
- Construction
- Educational Services
- Finance and Insurance
- Health Care & Social Assistance
- Information
- Management of Companies & Enterprises
- Manufacturing
- Mining
- Other Services (except Public Administration)
- Professional, Scientific, & Technical Services
- Public Administration
- Real Estate Rental & Leasing
- Retail Trade
- Transportation & Warehousing
- Utilities
- Wholesale Trade