VYPR

CWE-732

Incorrect Permission Assignment for Critical Resource

Class · Draft · Likelihood: High

Description

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642

CVEs mapped to this weakness (623)

  • CVE-2018-11240 · Critical · Sep 21, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in…

  • CVE-2018-15681 · Critical · Sep 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully…

  • CVE-2018-15482 · Critical · Aug 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.

  • CVE-2018-14982 · Critical · Aug 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.

  • CVE-2018-14981 · Critical · Aug 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.

  • CVE-2018-13791 · Critical · Jul 9, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter.

  • CVE-2017-7821 · Critical · Jun 11, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that…

  • CVE-2017-5456 · Critical · Jun 11, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.

  • CVE-2018-10381 · Critical · Apr 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The…

  • CVE-2018-10170 · Critical · Apr 16, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect"…

  • CVE-2018-10169 · Critical · Apr 16, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The…

  • CVE-2018-1164 · Critical · Feb 21, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI…

  • CVE-2017-15877 · Critical · Dec 19, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.

  • CVE-2017-16638 · Critical · Nov 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.

  • CVE-2017-1000153 · Critical · Nov 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control: after the password reset link is sent via email and the user then changes the default email, Mahara fails to invalidate the old link. Consequently the link in email can…

  • CVE-2017-12816 · Critical · Aug 25, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.

  • CVE-2017-9482 · Critical · Jul 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then…

  • CVE-2017-9479 · Critical · Jul 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying…

  • CVE-2017-9615 · Critical · Jun 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.

  • CVE-2017-8858 · Critical · May 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.