VYPR

CWE-732

Incorrect Permission Assignment for Critical Resource

ClassDraftLikelihood: High

Description

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642

CVEs mapped to this weakness (623)

page 8 of 32
  • CVE-2017-16895HigDec 1, 2017
    risk 0.54cvss 7.8epss 0.01

    The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.

  • CVE-2017-8665HigAug 15, 2017
    risk 0.54cvss 7.8epss 0.04

    The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."

  • CVE-2009-3489HigSep 30, 2009
    risk 0.54cvss 7.8epss 0.02

    Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath…

  • CVE-2021-4481HigJun 2, 2026
    risk 0.53cvss 8.2epss 0.00

    Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the…

  • CVE-2021-4480HigJun 2, 2026
    risk 0.53cvss 8.2epss 0.00

    Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the…

  • CVE-2025-54497HigSep 18, 2025
    risk 0.53cvss 8.1epss 0.00

    Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the…

  • CVE-2025-52873HigSep 18, 2025
    risk 0.53cvss 8.1epss 0.00

    Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the …

  • CVE-2025-26169HigMay 7, 2025
    risk 0.53cvss 8.1epss 0.00

    IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable…

  • CVE-2025-26168HigMay 7, 2025
    risk 0.53cvss 8.1epss 0.00

    IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a…

  • CVE-2024-37574HigDec 4, 2024
    risk 0.53cvss 8.2epss 0.00

    The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.

  • CVE-2018-16145HigSep 5, 2018
    risk 0.53cvss 8.1epss 0.02

    The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence…

  • CVE-2017-2590HigJul 27, 2018
    risk 0.53cvss 8.1epss 0.01

    A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing…

  • CVE-2018-1000621HigJul 9, 2018
    risk 0.53cvss 8.1epss 0.03

    Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Linux and "non-enclosure" installs - Mark 1 and Picroft unaffected. This attack…

  • CVE-2018-1267HigMar 27, 2018
    risk 0.53cvss 8.1epss 0.01

    Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the…

  • CVE-2018-1417HigFeb 22, 2018
    risk 0.53cvss 8.1epss 0.02

    Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.

  • CVE-2017-1000134HigNov 3, 2017
    risk 0.53cvss 8.1epss 0.01

    Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.

  • CVE-2017-7563HigJun 7, 2017
    risk 0.53cvss 8.1epss 0.01

    In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).

  • CVE-2025-41118CriApr 15, 2026
    risk 0.52cvss 9.1epss 0.00

    Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key…

  • CVE-2025-24527HigJan 29, 2025
    risk 0.52cvss 8.0epss 0.00

    An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector.

  • CVE-2018-13110HigJul 6, 2018
    risk 0.52cvss 7.5epss 0.06

    All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.