VYPR

CWE-276

Incorrect Default Permissions

Abstraction: Base · Status: Draft · Likelihood: Medium

Description

During installation, installed file permissions are set to allow anyone to modify those files.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-127 · CAPEC-81

CVEs mapped to this weakness (474)

page 4 of 24
  • CVE-2025-24891 · Critical · Jan 31, 2025
    risk 0.55 · cvss 9.6 · epss 0.01

    Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's…

  • CVE-2016-6914 · High · Dec 27, 2017
    risk 0.54 · cvss 7.8 · epss 0.01

    Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

  • CVE-2016-5425 · High · Oct 13, 2016
    risk 0.54 · cvss 7.8 · epss 0.04

    The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

  • CVE-2016-3943 · High · Apr 18, 2016
    risk 0.54 · cvss 7.8 · epss 0.01

    Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.

  • CVE-2015-7378 · High · Apr 18, 2016
    risk 0.54 · cvss 7.8 · epss 0.01

    Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.

  • CVE-2026-24063 · High · Mar 18, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia…

  • CVE-2025-32091 · High · Nov 11, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege.…

  • CVE-2024-45067 · High · May 14, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-3528 · High · May 9, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to…

  • CVE-2017-3209 · High · Jul 24, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and…

  • CVE-2026-49237 · High · May 28, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries (multipass, qemu-img,…

  • CVE-2026-44469 · High · May 26, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with…

  • CVE-2026-44468 · High · May 26, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the…

  • CVE-2026-45393 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory (CWE-276) expose a cryptographic secret used for JWT…

  • CVE-2026-39454 · High · Apr 20, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result,…

  • CVE-2026-25203 · High · Apr 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability. This issue affects MagicINFO 9 Server: less than 21.1091.1.

  • CVE-2026-32680 · High · Mar 26, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installer of RATOC RAID Monitoring Manager for Windows allows the user to customize the installation folder. If the installation folder is customized to a non-default one, the folder may be left with insecure ACLs, and non-administrative users can alter the contents of that folder. It…

  • CVE-2026-3315 · High · Mar 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Incorrect Default Permissions, Execution with Unnecessary Privileges, and Incorrect Permission Assignment for Critical Resource vulnerabilities in ASSA ABLOY Visionline on Windows allow Configuration/Environment Manipulation. This issue affects Visionline: from 1.0 before 1.33.

  • CVE-2026-26131 · High · Mar 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

  • CVE-2026-28727 · High · Mar 6, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.