CWE-276
Incorrect Default Permissions
BaseDraftLikelihood: Medium
Description
During installation, installed file permissions are set to allow anyone to modify those files.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-127 · CAPEC-81
CVEs mapped to this weakness (311)
page 3 of 16| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-51162 | Hig | 0.57 | 8.8 | 0.02 | Nov 20, 2024 | An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility upon password hashes of any user, ongoing audit data and more. | |
| CVE-2024-48292 | Hig | 0.57 | 8.8 | 0.00 | Nov 18, 2024 | An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. | |
| CVE-2020-11921 | Hig | 0.57 | 8.8 | 0.00 | Nov 7, 2024 | An issue was discovered in Lush 2 through 2020-02-25. Due to the lack of Bluetooth traffic encryption, it is possible to hijack an ongoing Bluetooth connection between the Lush 2 and a mobile phone. This allows an attacker to gain full control over the device. | |
| CVE-2019-20458 | Hig | 0.57 | 8.8 | 0.00 | Nov 7, 2024 | An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials. | |
| CVE-2024-42028 | Hig | 0.57 | 8.8 | 0.00 | Oct 28, 2024 | A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server. | |
| CVE-2024-48822 | Hig | 0.57 | 8.8 | 0.01 | Oct 14, 2024 | Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. | |
| CVE-2024-3904 | Hig | 0.57 | 8.8 | 0.00 | Jul 4, 2024 | Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product. | |
| CVE-2017-16522 | Hig | 0.57 | 8.8 | 0.02 | Nov 3, 2017 | MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. | |
| CVE-2017-12230 | Hig | 0.57 | 8.8 | 0.01 | Sep 29, 2017 | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062. | |
| CVE-2025-44643 | Hig | 0.56 | 8.6 | 0.00 | Aug 4, 2025 | Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic. | |
| CVE-2026-0432 | Hig | 0.55 | — | 0.00 | May 15, 2026 | Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution. | |
| CVE-2026-0539 | Hig | 0.55 | — | 0.00 | Apr 22, 2026 | Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745. | |
| CVE-2025-8432 | Hig | 0.55 | 8.4 | 0.01 | Oct 27, 2025 | Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15. | |
| CVE-2025-24891 | Cri | 0.55 | 9.6 | 0.00 | Jan 31, 2025 | Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject malicious payloads into files ran on schedule or upon certain service actions. As the service is not required to run with authentication enabled, this may permit wholly unprivileged users root access. Otherwise, anybody with a PIN. | |
| CVE-2016-5425 | Hig | 0.55 | 7.8 | 0.12 | Oct 13, 2016 | The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | |
| CVE-2016-6914 | Hig | 0.54 | 7.8 | 0.01 | Dec 27, 2017 | Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | |
| CVE-2016-3943 | Hig | 0.54 | 7.8 | 0.00 | Apr 18, 2016 | Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | |
| CVE-2015-7378 | Hig | 0.54 | 7.8 | 0.00 | Apr 18, 2016 | Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | |
| CVE-2026-6823 | Hig | 0.53 | 8.2 | 0.00 | Apr 21, 2026 | HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent runtimes, potentially leading to unauthorized file disclosure and read access through default-enabled read-only tools. | |
| CVE-2025-32091 | Hig | 0.53 | 8.2 | 0.00 | Nov 11, 2025 | Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |