VYPR

CWE-923

Improper Restriction of Communication Channel to Intended Endpoints

ClassIncomplete

Description

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-161 · CAPEC-481 · CAPEC-501 · CAPEC-697

CVEs mapped to this weakness (20)

  • CVE-2017-3891CriNov 14, 2017
    risk 0.63cvss 9.6epss 0.01

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take…

  • CVE-2015-8914CriJun 17, 2016
    risk 0.59cvss 9.1epss 0.04

    The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.

  • CVE-2025-20261HigJun 4, 2025
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This…

  • CVE-2016-5362HigJun 17, 2016
    risk 0.54cvss 8.2epss 0.03

    The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.

  • CVE-2025-23178HigApr 29, 2025
    risk 0.49cvss 7.6epss 0.00

    CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

  • CVE-2025-35978HigJun 12, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or…

  • CVE-2018-10596HigJul 3, 2018
    risk 0.46cvss 7.1epss 0.01

    Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based…

  • CVE-2025-62843MedMar 20, 2026
    risk 0.44cvss 6.8epss 0.00

    An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have…

  • CVE-2024-34446HigMay 3, 2024
    risk 0.42cvss 7.5epss 0.01

    Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged…

  • CVE-2025-12357MedOct 31, 2025
    risk 0.41cvss 6.3epss 0.00

    By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable …

  • CVE-2024-36252MedJun 19, 2024
    risk 0.41cvss 6.3epss 0.00

    Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed.

  • CVE-2025-33176MedNov 4, 2025
    risk 0.40cvss 6.2epss 0.00

    NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information…

  • CVE-2026-22715MedFeb 26, 2026
    risk 0.38cvss 5.9epss 0.00

    VMWare Workstation and Fusion contain a logic flaw in the management of network packets.  Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's.  Resolution: To…

  • CVE-2025-31144MedApr 28, 2025
    risk 0.38cvss 5.8epss 0.00

    Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running.

  • CVE-2025-36145MedMay 26, 2026
    risk 0.35cvss 5.4epss 0.00

    IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

  • CVE-2025-36180MedApr 30, 2026
    risk 0.34cvss 5.3epss 0.00

    IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.

  • CVE-2026-22726MedMay 1, 2026
    risk 0.33cvss 5.0epss 0.00

    Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on…

  • CVE-2024-39271LowFeb 12, 2025
    risk 0.17cvss 2.6epss 0.00

    Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

  • CVE-2022-2837Mar 3, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.

  • CVE-2022-2835Mar 3, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc.