Byte Open Security

(ByteOS Network)

CAPEC-234: Hijacking a privileged process
Attack Pattern ID: 234
Version: v3.9
Attack Pattern Name: Hijacking a privileged process
Abstraction: Standard
Status: Draft
Likelihood of Attack:
Typical Severity: Medium
2 Weaknesses found

CWE-648
Incorrect Use of Privileged APIs
Likelihood of Exploit: Low
Mapping: Allowed
Abstraction: Base
Found in: 48 CVEs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

Impacts: Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; Read Application Data
Tags: Low exploit; Execute Unauthorized Code or Commands (impact); Read Application Data (impact); Gain Privileges or Assume Identity (impact)
As Seen In: CWE Cross-section

CWE-732
Incorrect Permission Assignment for Critical Resource
Likelihood of Exploit: High
Mapping: Allowed-with-Review
Abstraction: Class
Found in: 1470 CVEs

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Impacts: Gain Privileges or Assume Identity; Other; Modify Application Data; Read Files or Directories; Read Application Data
Tags: High exploit; Environment Hardening; Sandbox or Jail; Cloud Computing (technology class); Other (impact); Modify Application Data (impact); Read Files or Directories (impact); Read Application Data (impact); Gain Privileges or Assume Identity (impact)
As Seen In: 2019 CWE Top 25 Most Dangerous Software Errors; 2021 CWE Top 25 Most Dangerous Software; CISQ Data Protection Measures; 2020 CWE Top 25 Most Dangerous Software; Simplified Mapping of Published Vulnerabilities; CWE Cross-section