VYPR

CWE-269

Improper Privilege Management

ClassDraftLikelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 20 of 52
  • CVE-2024-12786HigDec 19, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper…

  • CVE-2024-52336HigNov 26, 2024
    risk 0.51cvss 7.8epss 0.00

    A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post`…

  • CVE-2024-8424HigNov 8, 2024
    risk 0.51cvss 7.8epss 0.00

    Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before…

  • CVE-2024-9002HigOct 11, 2024
    risk 0.51cvss 7.8epss 0.00

    CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries

  • CVE-2024-40802HigJul 29, 2024
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.

  • CVE-2024-40781HigJul 29, 2024
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.

  • CVE-2024-27826HigJul 29, 2024
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.

  • CVE-2023-50700HigJul 26, 2024
    risk 0.51cvss 7.8epss 0.00

    Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.

  • CVE-2024-27811HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

  • CVE-2024-34332HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API.

  • CVE-2024-31756HigMay 21, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.

  • CVE-2024-31757HigMay 21, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component.

  • CVE-2024-21813HigMay 16, 2024
    risk 0.51cvss 7.9epss 0.00

    Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-22774HigMay 14, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.

  • CVE-2023-7241HigMay 1, 2024
    risk 0.51cvss 7.9epss 0.00

    Privilege Escalation in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on Windows64 bit and 32 bit allows malicious software to abuse WRSA.EXE to delete arbitrary and protected files.

  • CVE-2024-27518HigApr 29, 2024
    risk 0.51cvss 7.8epss 0.01

    An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder.

  • CVE-2024-2390HigMar 18, 2024
    risk 0.51cvss 7.8epss 0.00

    As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and…

  • CVE-2024-23276HigMar 8, 2024
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

  • CVE-2023-41743HigAug 31, 2023
    risk 0.51cvss 7.8epss 0.00

    Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15…

  • CVE-2023-26246HigApr 27, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This…