VYPR

CWE-732

Incorrect Permission Assignment for Critical Resource

Class · Draft · Likelihood: High

Description

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642

CVEs mapped to this weakness (623)

  • CVE-2017-11653 · High · Aug 18, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.

  • CVE-2017-11156 · High · Aug 14, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.

  • CVE-2017-0703 · High · Jul 6, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An elevation of privilege vulnerability in the Android System UI. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.

  • CVE-2017-9780 · High · Jun 21, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable…

  • CVE-2017-7493 · High · May 17, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to…

  • CVE-2017-0593 · High · May 12, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other…

  • CVE-2017-0352 · High · May 9, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access to sensitive GPU control registers, leading to an escalation of privileges.

  • CVE-2017-7850 · High · Apr 19, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.

  • CVE-2017-7889 · High · Apr 17, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an…

  • CVE-2017-7199 · High · Mar 23, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.

  • CVE-2009-3482 · High · Sep 30, 2009
    risk 0.51 · cvss 7.8 · epss 0.00

    TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs.

  • CVE-2009-3289 · High · Sep 22, 2009
    risk 0.51 · cvss 7.8 · epss 0.00

    The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.

  • CVE-2009-0115 · High · Mar 30, 2009
    risk 0.51 · cvss 7.8 · epss 0.00

    The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka…

  • CVE-2008-0322 · High · May 13, 2008
    risk 0.51 · cvss 7.8 · epss 0.02

    The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute…

  • CVE-2008-0662 · High · Feb 8, 2008
    risk 0.51 · cvss 7.8 · epss 0.00

    The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing…

  • CVE-2007-5544 · High · Oct 29, 2007
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus…

  • CVE-2026-41489 · High · May 11, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid…

  • CVE-2018-11259 · High · Jul 6, 2018
    risk 0.50 · cvss 7.7 · epss 0.00

    Due to improper access control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, from fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the…

  • CVE-2018-12457 · High · Jun 15, 2018
    risk 0.50 · cvss 8.8 · epss 0.02

    expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.

  • CVE-2026-4761 · High · Mar 25, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are…