CAPEC-233

Name

Privilege Escalation

Status

Draft

Published

2014-06-23 00:00 +00:00

Last Modified

2021-10-21 00:00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Alert management

List of Alerts

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Description

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

Informations

Related Weaknesses

CWE-ID	Weakness Name
CWE-269	Improper Privilege Management The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-1264	Hardware Logic with Insecure De-Synchronization between Control and Data Channels The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.
CWE-1311	Improper Translation of Security Attributes by Fabric Bridge The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another.

References

REF-600

OWASP Web Security Testing Guide
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.html

Submission

Name	Organization	Date	Date Release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2015-12-07 +00:00	Updated Description, Description Summary, Relationships, Type (Category -> Attack_Pattern)
CAPEC Content Team	The MITRE Corporation	2019-04-04 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Related_Weaknesses, Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated References, Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated @Abstraction
CAPEC Content Team	The MITRE Corporation	2021-10-21 +00:00	Updated @Abstraction

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

CAPEC-233

Alerte pour un CAPEC

Functionality requiring a connection

Description

Informations

Related Weaknesses

References

REF-600

Submission

Modifications

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

CVE

OWASP

CISA KEV

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

No result found

Alert System

CAPEC-233 Detail

CAPEC-233

Alerte pour un CAPEC

Description

Informations

Related Weaknesses

References

REF-600

Submission

Modifications