CWE-419
Unprotected Primary Channel
Description
The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-383
CVEs mapped to this weakness (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-50588 | Cri | 0.64 | 9.8 | 0.01 | Nov 8, 2024 | An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. … | ||
| CVE-2024-2414 | Hig | 0.57 | 8.8 | 0.00 | Mar 13, 2024 | The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges. | ||
| CVE-2018-12539 | Hig | 0.51 | 7.8 | 0.00 | Aug 14, 2018 | In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled… | ||
| CVE-2024-3051 | — | Hig | 0.49 | 7.5 | 0.00 | Apr 26, 2024 | Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. | |
| CVE-2024-39886 | Low | 0.24 | 3.7 | 0.00 | Jul 10, 2024 | TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App. | ||
| CVE-2025-24030 | 0.00 | — | 0.00 | Jan 23, 2025 | Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of… |
- risk 0.64cvss 9.8epss 0.01
An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. …
- risk 0.57cvss 8.8epss 0.00
The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges.
- risk 0.51cvss 7.8epss 0.00
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled…
- risk 0.49cvss 7.5epss 0.00
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.
- risk 0.24cvss 3.7epss 0.00
TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App.
- CVE-2025-24030Jan 23, 2025risk 0.00cvss —epss 0.00
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of…