CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
Description
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-161 · CAPEC-481 · CAPEC-501 · CAPEC-697
CVEs mapped to this weakness (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3891 | | Critical | 0.63 | 9.6 | 0.01 | | Nov 14, 2017 | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take… |
| CVE-2015-8914 | | Critical | 0.59 | 9.1 | 0.04 | | Jun 17, 2016 | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. |
| CVE-2025-20261 | | High | 0.57 | 8.8 | 0.00 | | Jun 4, 2025 | A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This… |
| CVE-2016-5362 | | High | 0.54 | 8.2 | 0.03 | | Jun 17, 2016 | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. |
| CVE-2025-23178 | — | High | 0.49 | 7.6 | 0.00 | | Apr 29, 2025 | CWE-923: Improper Restriction of Communication Channel to Intended Endpoints |
| CVE-2025-35978 | | High | 0.46 | 7.1 | 0.00 | | Jun 12, 2025 | Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker sends malicious data, an arbitrary registry value may be modified or… |
| CVE-2018-10596 | | High | 0.46 | 7.1 | 0.01 | | Jul 3, 2018 | Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based… |
| CVE-2025-62843 | | Medium | 0.44 | 6.8 | 0.00 | | Mar 20, 2026 | An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have… |
| CVE-2024-34446 | | High | 0.42 | 7.5 | 0.01 | | May 3, 2024 | Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged… |
| CVE-2025-12357 | | Medium | 0.41 | 6.3 | 0.00 | | Oct 31, 2025 | By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable … |
| CVE-2024-36252 | | Medium | 0.41 | 6.3 | 0.00 | | Jun 19, 2024 | Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed. |
| CVE-2025-33176 | | Medium | 0.40 | 6.2 | 0.00 | | Nov 4, 2025 | NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information… |
| CVE-2026-22715 | | Medium | 0.38 | 5.9 | 0.00 | | Feb 26, 2026 | VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. Resolution: To… |
| CVE-2025-31144 | | Medium | 0.38 | 5.8 | 0.00 | | Apr 28, 2025 | Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running. |
| CVE-2025-36145 | | Medium | 0.35 | 5.4 | 0.00 | | May 26, 2026 | IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. |
| CVE-2025-36180 | | Medium | 0.34 | 5.3 | 0.00 | | Apr 30, 2026 | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. |
| CVE-2026-22726 | | Medium | 0.33 | 5.0 | 0.00 | | May 1, 2026 | Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on… |
| CVE-2024-39271 | | Low | 0.17 | 2.6 | 0.00 | | Feb 12, 2025 | Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
| CVE-2022-2837 | | | 0.00 | — | 0.00 | | Mar 3, 2023 | A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. |
| CVE-2022-2835 | | | 0.00 | — | 0.00 | | Mar 3, 2023 | A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc. |