VYPR

CWE-300

Channel Accessible by Non-Endpoint

Class · Draft

Description

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-466 · CAPEC-57 · CAPEC-589 · CAPEC-590 · CAPEC-612 · CAPEC-613 · CAPEC-615 · CAPEC-662 · CAPEC-94

CVEs mapped to this weakness (23)

page 1 of 2
  • CVE-2009-3555 · Critical · Nov 9, 2009
    risk 0.67 · cvss 9.8 · epss 0.87

    The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4…

  • CVE-2017-7480 · Critical · Jul 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    rkhunter versions before 1.4.4 are vulnerable to file download over an insecure channel when doing a mirror update, resulting in potential remote code execution.

  • CVE-2024-39705 · Critical · Jun 27, 2024
    risk 0.57 · cvss 9.8 · epss 0.01

    NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

  • CVE-2024-36553 · High · Feb 6, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack.

  • CVE-2021-32926 · High · Jun 3, 2021
    risk 0.49 · cvss 7.5 · epss 0.02

    When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the…

  • CVE-2017-12150 · High · Jul 26, 2018
    risk 0.49 · cvss 7.4 · epss 0.13

    It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

  • CVE-2017-12151 · High · Jul 27, 2018
    risk 0.48 · cvss 7.4 · epss 0.05

    A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the…

  • CVE-2017-15086 · High · Nov 8, 2017
    risk 0.48 · cvss 7.4 · epss 0.02

    It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

  • CVE-2017-12735 · High · Aug 30, 2017
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.

  • CVE-2017-9941 · High · Aug 8, 2017
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication.

  • CVE-2017-6870 · High · Aug 8, 2017
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack.

  • CVE-2024-31206 · High · Apr 4, 2024
    risk 0.46 · cvss 8.2 · epss 0.00

    dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the…

  • CVE-2018-0025 · Medium · Jul 11, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious…

  • CVE-2017-12697 · Medium · Jan 9, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server.

  • CVE-2017-15085 · Medium · Nov 8, 2017
    risk 0.38 · cvss 5.9 · epss 0.02

    It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

  • CVE-2019-19751 · Medium · Apr 30, 2024
    risk 0.36 · cvss 5.6 · epss 0.00

    easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io.

  • CVE-2018-14636 · Medium · Sep 10, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete.…

  • CVE-2016-10536 · Medium · May 31, 2018
    risk 0.31 · cvss 5.9 · epss 0.01

    engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is…

  • CVE-2016-1000224 · medium · Sep 1, 2020
    risk 0.26 · cvss · epss 0.00

    Affected versions of `ezseed-transmission` download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system…

  • CVE-2017-6052 · Low · Apr 26, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.