Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-233:Privilege Escalation
Attack Pattern ID:233
Version:v3.9
Attack Pattern Name:Privilege Escalation
Abstraction:Meta
Status:Draft
Likelihood of Attack:
Typical Severity:
DetailsContent HistoryRelated WeaknessesReports
▼Description
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
▼Extended Description
▼Alternate Terms
▼Relationships
NatureTypeIDName
ParentOfS30Hijacking a Privileged Thread of Execution
ParentOfS68Subvert Code-signing Facilities
ParentOfS69Target Programs with Elevated Privileges
ParentOfS104Cross Zone Scripting
ParentOfS234Hijacking a privileged process
CanFollowS17Using Malicious Files
Nature: ParentOf
Type: Standard
ID: 30
Name: Hijacking a Privileged Thread of Execution
Nature: ParentOf
Type: Standard
ID: 68
Name: Subvert Code-signing Facilities
Nature: ParentOf
Type: Standard
ID: 69
Name: Target Programs with Elevated Privileges
Nature: ParentOf
Type: Standard
ID: 104
Name: Cross Zone Scripting
Nature: ParentOf
Type: Standard
ID: 234
Name: Hijacking a privileged process
Nature: CanFollow
Type: Standard
ID: 17
Name: Using Malicious Files
▼Execution Flow
▼Prerequisites
▼Skills Required
▼Resources Required
▼Indicators
▼Consequences
ScopeLikelihoodImpactNote
▼Mitigations
▼Example Instances
▼Related Weaknesses
IDName
CWE-1264Hardware Logic with Insecure De-Synchronization between Control and Data Channels
CWE-1311Improper Translation of Security Attributes by Fabric Bridge
CWE-269Improper Privilege Management
ID: CWE-1264
Name: Hardware Logic with Insecure De-Synchronization between Control and Data Channels
ID: CWE-1311
Name: Improper Translation of Security Attributes by Fabric Bridge
ID: CWE-269
Name: Improper Privilege Management
▼Taxonomy Mappings
Taxonomy NameEntry IDEntry Name
ATTACK1548Abuse Elevation Control Mechanism
Taxonomy Name: ATTACK
Entry ID: 1548
Entry Name: Abuse Elevation Control Mechanism
▼Notes
▼References
Reference ID: REF-600
Title: OWASP Web Security Testing Guide
Author:
Publication:
Publisher:The Open Web Application Security Project (OWASP)
Edition:
URL:https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.html
URL Date:
Day:N/A
Month:N/A
Year:N/A
Details not found