CWE-267
Privilege Defined With Unsafe Actions
Incomplete
2006-07-19 00:00 +00:00
2023-06-29 00:00 +00:00
Alerte pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Informations
Modes Of Introduction
Architecture and DesignImplementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Operation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Access Control | Gain Privileges or Assume Identity Note: A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts. |
Observed Examples
| Reference | Description |
|---|---|
| Roles have access to dangerous procedures (Accessible entities). | |
| Untrusted object/method gets access to clipboard (Accessible entities). | |
| Gain privileges using functions/tags that should be restricted (Accessible entities). | |
| Traceroute program allows unprivileged users to modify source address of packet (Accessible entities). | |
| Bypass domain restrictions using a particular file that references unsafe URI schemes (Accessible entities). | |
| Script does not restrict access to an update command, leading to resultant disk consumption and filled error logs (Accessible entities). | |
| "public" database user can use stored procedure to modify data controlled by the database owner (Unsafe privileged actions). | |
| User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions). | |
| Allows attachment to and modification of privileged processes (Unsafe privileged actions). | |
| User with privilege can edit raw underlying object using unprotected method (Unsafe privileged actions). | |
| Inappropriate actions allowed by a particular role(Unsafe privileged actions). | |
| Untrusted entity allowed to access the system clipboard (Unsafe privileged actions). | |
| Extra Linux capability allows bypass of system-specified restriction (Unsafe privileged actions). | |
| User with debugging rights can read entire process (Unsafe privileged actions). | |
| Non-root admins can add themselves or others to the root admin group (Unsafe privileged actions). | |
| Users can change certain properties of objects to perform otherwise unauthorized actions (Unsafe privileged actions). | |
| Certain debugging commands not restricted to just the administrator, allowing registry modification and infoleak (Unsafe privileged actions). |
Potential Mitigations
Phases : Architecture and Design // OperationVery carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phases : Architecture and Design // Operation
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
| CAPEC-ID | Attack Pattern Name |
|---|---|
| CAPEC-58 | Restful Privilege Elevation An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages. |
| CAPEC-634 | Probe Audio and Video Peripherals The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system. |
| CAPEC-637 | Collect Data from Clipboard The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which they are unauthorized. |
| CAPEC-643 | Identify Shared Files/Directories on System An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network. |
| CAPEC-648 | Collect Data from Screen Capture An adversary gathers sensitive information by exploiting the system's screen capture functionality. Through screenshots, the adversary aims to see what happens on the screen over the course of an operation. The adversary can leverage information gathered in order to carry out further attacks. |
Notes
Note: there are 2 separate sub-categories here:
- privilege incorrectly allows entities to perform certain actions
- object is incorrectly accessible to entities with a given privilege
References
REF-76
Least PrivilegeSean Barnum, Michael Gegick.
https://web.archive.org/web/20211209014121/https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/least-privilege
Submission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Description, Maintenance_Notes, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences, Demonstrative_Examples, Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations, References | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Modes_of_Introduction, References, Relationships | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Maintenance_Notes | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
2024©
tesweb SA
