Common Weakness Enumeration

CWE-424

Allowed-with-Review

Improper Protection of Alternate Path

Abstraction: Class · Status: Draft

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

61 vulnerabilities reference this CWE, most recent first.

GHSA-H7M2-WMQ5-3GW5

Vulnerability from github – Published: 2025-10-16 12:30 – Updated: 2025-10-16 12:30
VLAI
Details

Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-16T10:15:43Z",
    "severity": "MODERATE"
  },
  "details": "Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet\u0027s NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.",
  "id": "GHSA-h7m2-wmq5-3gw5",
  "modified": "2025-10-16T12:30:23Z",
  "published": "2025-10-16T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58079"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN90757550"
    },
    {
      "type": "WEB",
      "url": "https://www.desknets.com/neo/support/mainte/17475"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-J8X5-54P6-CQVM

Vulnerability from github – Published: 2025-02-12 21:31 – Updated: 2025-04-09 18:30
VLAI
Details

A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-12T21:15:16Z",
    "severity": "MODERATE"
  },
  "details": "A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.",
  "id": "GHSA-j8x5-54p6-cqvm",
  "modified": "2025-04-09T18:30:47Z",
  "published": "2025-02-12T21:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0113"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2024-0113"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0113"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JJV8-4R6F-2MJ4

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-18 00:01
VLAI
Details

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24932"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424",
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:46:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.",
  "id": "GHSA-jjv8-4r6f-2mj4",
  "modified": "2022-03-18T00:01:21Z",
  "published": "2022-03-11T00:02:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24932"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MMPQ-QPJ6-6R97

Vulnerability from github – Published: 2025-06-03 00:31 – Updated: 2025-06-03 00:31
VLAI
Details

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49162"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-03T00:15:20Z",
    "severity": "MODERATE"
  },
  "details": "Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.",
  "id": "GHSA-mmpq-qpj6-6r97",
  "modified": "2025-06-03T00:31:02Z",
  "published": "2025-06-03T00:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49162"
    },
    {
      "type": "WEB",
      "url": "https://full-disclosure.eu/reports/2025/FDEU-CVE-2025-1c00-arris-bootloader-shell-injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8RH-53X8-6WW5

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2025-02-12 18:31
VLAI
Details

In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs.  In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:41:12Z",
    "severity": "HIGH"
  },
  "details": "In KioWare for Windows (versions all through 8.34)\u00a0it is possible to exit this software\u00a0and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs.\u00a0\nIn order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know\u00a0the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window.",
  "id": "GHSA-p8rh-53x8-6ww5",
  "modified": "2025-02-12T18:31:28Z",
  "published": "2024-05-14T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3460"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/posts/2024/04/CVE-2024-3459"
    },
    {
      "type": "WEB",
      "url": "https://www.kioware.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R39R-M7WQ-966M

Vulnerability from github – Published: 2026-04-14 15:30 – Updated: 2026-04-14 15:30
VLAI
Details

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4913"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T15:16:39Z",
    "severity": "MODERATE"
  },
  "details": "Improper protection of an alternate path\u00a0in\u00a0Ivanti\u00a0N-ITSM\u00a0before\u00a0version 2025.4\u00a0allows a\u00a0remote authenticated\u00a0attacker to\u00a0retain access when their account has been\u00a0disabled.",
  "id": "GHSA-r39r-m7wq-966m",
  "modified": "2026-04-14T15:30:35Z",
  "published": "2026-04-14T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4913"
    },
    {
      "type": "WEB",
      "url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914?language=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3PQ-877R-MPFH

Vulnerability from github – Published: 2023-11-21 21:30 – Updated: 2023-11-21 21:30
VLAI
Details

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20272"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-21T19:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.",
  "id": "GHSA-r3pq-877r-mpfh",
  "modified": "2023-11-21T21:30:23Z",
  "published": "2023-11-21T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20272"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC4H-XGCC-X9W4

Vulnerability from github – Published: 2023-09-25 18:30 – Updated: 2024-04-04 07:50
VLAI
Details

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.

This issue has been fixed in Docker Desktop 4.23.0.

Affected Docker Desktop versions: from 4.13.0 before 4.23.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-25T16:15:15Z",
    "severity": "HIGH"
  },
  "details": "Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \n\nThis issue has been fixed in Docker Desktop 4.23.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.23.0.\n",
  "id": "GHSA-rc4h-xgcc-x9w4",
  "modified": "2024-04-04T07:50:47Z",
  "published": "2023-09-25T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5165"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/desktop/release-notes/#4230"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXHP-FM7F-3JRP

Vulnerability from github – Published: 2025-07-28 18:31 – Updated: 2025-08-04 15:31
VLAI
Details

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6250"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-28T16:15:24Z",
    "severity": "HIGH"
  },
  "details": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.",
  "id": "GHSA-vxhp-fm7f-3jrp",
  "modified": "2025-08-04T15:31:08Z",
  "published": "2025-07-28T18:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6250"
    },
    {
      "type": "WEB",
      "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VXVX-HWWH-PP7C

Vulnerability from github – Published: 2026-07-10 06:31 – Updated: 2026-07-10 09:31
VLAI
Details

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-54423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-10T04:17:52Z",
    "severity": "HIGH"
  },
  "details": "In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic\u0027s access control.",
  "id": "GHSA-vxvx-hwwh-pp7c",
  "modified": "2026-07-10T09:31:36Z",
  "published": "2026-07-10T06:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54423"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ironic/+bug/2150458"
    },
    {
      "type": "WEB",
      "url": "https://security.openstack.org/ossa/OSSA-2026-025.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/07/08/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Deploy different layers of protection to implement security in depth.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-554: Functionality Bypass

An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary.