CVE-2019-9596

Published: 23/10/2019 Updated: 28/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Darktrace Enterprise Immune System prior to 3.1 allows CSRF via the /whitelisteddomains endpoint.

Affected Products

Vendor: Darktrace | Product: Enterprise Immune System | Versions: -, 3.0.9, 3.0.10

Mailing Lists

1 - Vulnerability: Darktrace Enterprise Immune System 3.0.9 and 3.0.10 contains multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace configuration. The below proof of concept whitelists www.evil ...
Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace configuration ...

Github Repositories

CVE-2019-9596-and-CVE-2019-9597: Darktrace CSRF exploit
www.peerlyst.com/posts/exploiting-two-zero-days-in-a-darktrace-appliance-cve-2019-9596-and-cve-2019-9597-gerwout-van-der-veen
seclists.org/bugtraq/2019/May/54