VYPR

CWE-732

Incorrect Permission Assignment for Critical Resource

ClassDraftLikelihood: High

Description

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642

CVEs mapped to this weakness (623)

page 10 of 32
  • CVE-2024-22029HigOct 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

  • CVE-2024-38456HigSep 3, 2024
    risk 0.51cvss 7.8epss 0.00

    HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute…

  • CVE-2023-5936HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.00

    On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.

  • CVE-2018-12131HigOct 10, 2018
    risk 0.51cvss 7.8epss 0.00

    Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.

  • CVE-2018-11064HigOct 5, 2018
    risk 0.51cvss 7.8epss 0.00

    Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools…

  • CVE-2018-16588HigSep 26, 2018
    risk 0.51cvss 7.8epss 0.00

    Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are…

  • CVE-2018-11277HigSep 20, 2018
    risk 0.51cvss 7.8epss 0.00

    In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image…

  • CVE-2018-12168HigSep 12, 2018
    risk 0.51cvss 7.8epss 0.00

    Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access.

  • CVE-2018-12162HigSep 12, 2018
    risk 0.51cvss 7.8epss 0.00

    Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access.

  • CVE-2018-12148HigSep 12, 2018
    risk 0.51cvss 7.8epss 0.00

    Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.

  • CVE-2018-13412HigSep 12, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.

  • CVE-2018-16545HigSep 5, 2018
    risk 0.51cvss 7.8epss 0.02

    Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll)…

  • CVE-2018-5546HigAug 17, 2018
    risk 0.51cvss 7.8epss 0.00

    The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may…

  • CVE-2018-11453HigAug 7, 2018
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions…

  • CVE-2018-11642HigJul 3, 2018
    risk 0.51cvss 7.8epss 0.01

    Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.

  • CVE-2018-11334HigMay 23, 2018
    risk 0.51cvss 7.8epss 0.00

    Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.

  • CVE-2018-10647HigMay 2, 2018
    risk 0.51cvss 7.8epss 0.00

    SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files located within the current user's %LOCALAPPDATA%\SaferVPN\OvpnConfig directory.…

  • CVE-2018-10646HigMay 2, 2018
    risk 0.51cvss 7.8epss 0.00

    CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The…

  • CVE-2018-10645HigMay 2, 2018
    risk 0.51cvss 7.8epss 0.00

    Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method…

  • CVE-2018-5349HigMar 22, 2018
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup,…