CWE-648
AllowedIncorrect Use of Privileged APIs
Abstraction: Base · Status: Incomplete
The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
113 vulnerabilities reference this CWE, most recent first.
GHSA-F274-2846-89Q3
Vulnerability from github – Published: 2025-12-10 09:30 – Updated: 2026-06-06 09:31Incorrect Use of Privileged APIs vulnerability in NomySost Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.
{
"affected": [],
"aliases": [
"CVE-2025-1161"
],
"database_specific": {
"cwe_ids": [
"CWE-648"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-10T09:15:47Z",
"severity": "HIGH"
},
"details": "Incorrect Use of Privileged APIs vulnerability in NomySost Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.",
"id": "GHSA-f274-2846-89q3",
"modified": "2026-06-06T09:31:14Z",
"published": "2025-12-10T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1161"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0440"
},
{
"type": "WEB",
"url": "https://www.usom.gov.tr/bildirim/tr-25-0440"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F445-7G93-34V9
Vulnerability from github – Published: 2026-07-04 03:31 – Updated: 2026-07-04 03:31An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
{
"affected": [],
"aliases": [
"CVE-2026-54424"
],
"database_specific": {
"cwe_ids": [
"CWE-648"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-04T01:16:27Z",
"severity": "HIGH"
},
"details": "An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is\u00a0Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\\SYSTEM with a user-controlled value of the AppData environment variable.",
"id": "GHSA-f445-7g93-34v9",
"modified": "2026-07-04T03:31:02Z",
"published": "2026-07-04T03:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54424"
},
{
"type": "WEB",
"url": "https://github.com/tomadimitrie/CVE-2026-54424"
},
{
"type": "WEB",
"url": "https://parsec.app"
},
{
"type": "WEB",
"url": "https://support.parsec.app/hc/en-us/articles/50612943726612-CVE-2026-54424"
},
{
"type": "WEB",
"url": "https://www.tomadimitrie.dev/blog/CVE-2026-54424"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F4CX-P6HX-CHWV
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:52A flaw was found in, ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
{
"affected": [],
"aliases": [
"CVE-2019-14817"
],
"database_specific": {
"cwe_ids": [
"CWE-648",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-03T16:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in, ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
"id": "GHSA-f4cx-p6hx-chwv",
"modified": "2024-04-04T01:52:36Z",
"published": "2022-05-24T16:55:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14817"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14817"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/15"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202004-03"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4518"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=cd1b1cacadac2479e291efe611979bdc1b3bdb19"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FV6C-RFG3-GVJW
Vulnerability from github – Published: 2022-12-23 12:30 – Updated: 2023-01-02 20:21Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/usememos/memos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-4687"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-648"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T16:25:32Z",
"nvd_published_at": "2022-12-23T12:15:00Z",
"severity": "HIGH"
},
"details": "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.",
"id": "GHSA-fv6c-rfg3-gvjw",
"modified": "2023-01-02T20:21:28Z",
"published": "2022-12-23T12:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4687"
},
{
"type": "WEB",
"url": "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9"
},
{
"type": "PACKAGE",
"url": "https://github.com/usememos/memos"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "usememos/memos makes Incorrect Use of Privileged APIs"
}
GHSA-GG9V-MGCP-V6M7
Vulnerability from github – Published: 2026-04-03 03:19 – Updated: 2026-05-06 22:23Summary
Bootstrap setup codes were not bound to the intended device role and scopes, allowing first-use privilege escalation during pairing.
Current Maintainer Triage
- Status: open
- Normalized severity: high
- Assessment: Real first-use bootstrap privilege-escalation bug fixed and shipped in v2026.3.22+, so keep open for publication with current severity.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version:
2026.3.31 - Vulnerable version range:
<=2026.3.13-1 - Patched versions:
>= 2026.3.22 - First stable tag containing the fix:
v2026.3.22
Fix Commit(s)
a600c72ed7d0045a27f58bf031d2b36ecb0141c9— 2026-03-22T23:57:15-07:00
OpenClaw thanks @tdjackey for reporting.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.3.13-1"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41386"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-648"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T03:19:33Z",
"nvd_published_at": "2026-04-28T19:37:41Z",
"severity": "HIGH"
},
"details": "## Summary\nBootstrap setup codes were not bound to the intended device role and scopes, allowing first-use privilege escalation during pairing.\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Real first-use bootstrap privilege-escalation bug fixed and shipped in v2026.3.22+, so keep open for publication with current severity.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.13-1`\n- Patched versions: `\u003e= 2026.3.22`\n- First stable tag containing the fix: `v2026.3.22`\n\n## Fix Commit(s)\n- `a600c72ed7d0045a27f58bf031d2b36ecb0141c9` \u2014 2026-03-22T23:57:15-07:00\n\nOpenClaw thanks @tdjackey for reporting.",
"id": "GHSA-gg9v-mgcp-v6m7",
"modified": "2026-05-06T22:23:23Z",
"published": "2026-04-03T03:19:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gg9v-mgcp-v6m7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41386"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/a600c72ed7d0045a27f58bf031d2b36ecb0141c9"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-unbound-bootstrap-setup-codes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing"
}
GHSA-GH8Q-X6GX-V2FF
Vulnerability from github – Published: 2025-11-11 21:30 – Updated: 2025-11-11 21:30A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.
{
"affected": [],
"aliases": [
"CVE-2024-32008"
],
"database_specific": {
"cwe_ids": [
"CWE-648"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T21:15:35Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Spectrum Power 4 (All versions \u003c V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.",
"id": "GHSA-gh8q-x6gx-v2ff",
"modified": "2025-11-11T21:30:28Z",
"published": "2025-11-11T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32008"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-339694.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GHCQ-472W-VF4H
Vulnerability from github – Published: 2022-04-08 21:59 – Updated: 2022-04-08 21:59Impact
Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those.
Patches
This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6.
Workarounds
There's no easy workaround for this issue, administrators should upgrade their wiki.
References
https://jira.xwiki.org/browse/XWIKI-19155
For more information
If you have any questions or comments about this advisory: * Open an issue in JIRA * Email us at XWiki Security ML
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-skin-skinx"
},
"ranges": [
{
"events": [
{
"introduced": "13.5.0"
},
{
"fixed": "13.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-skin-skinx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.10.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-skin-skinx"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.4.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24821"
],
"database_specific": {
"cwe_ids": [
"CWE-648"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-08T21:59:04Z",
"nvd_published_at": "2022-04-08T19:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nSimple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. \n\n### Patches\nThis issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. \n\n### Workarounds\nThere\u0027s no easy workaround for this issue, administrators should upgrade their wiki.\n\n### References\nhttps://jira.xwiki.org/browse/XWIKI-19155\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [JIRA](https://jira.xwiki.org)\n* Email us at [XWiki Security ML](mailto:security@xwiki.org)\n",
"id": "GHSA-ghcq-472w-vf4h",
"modified": "2022-04-08T21:59:04Z",
"published": "2022-04-08T21:59:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghcq-472w-vf4h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24821"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-19155"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx"
}
GHSA-GHX2-6V4G-9WMM
Vulnerability from github – Published: 2022-12-28 15:30 – Updated: 2023-01-10 15:45In usememos/memos 0.9.0 and prior, a user with login permission can delete all notes of the whole application via API DELETE https://demo.usememos.com/api/memo/$idnote. The vulnerability will lose all user notes data throughout the system, causing damage to user data.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.9.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/usememos/memos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-4796"
],
"database_specific": {
"cwe_ids": [
"CWE-648"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T19:48:54Z",
"nvd_published_at": "2022-12-28T14:15:00Z",
"severity": "HIGH"
},
"details": "In usememos/memos 0.9.0 and prior, a user with login permission can delete all notes of the whole application via `API DELETE https://demo.usememos.com/api/memo/$idnote`. The vulnerability will lose all user notes data throughout the system, causing damage to user data.",
"id": "GHSA-ghx2-6v4g-9wmm",
"modified": "2023-01-10T15:45:19Z",
"published": "2022-12-28T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4796"
},
{
"type": "WEB",
"url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53"
},
{
"type": "PACKAGE",
"url": "https://github.com/usememos/memos"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "usememos/memos makes Incorrect Use of Privileged APIs"
}
GHSA-GW58-Q7H6-R9QM
Vulnerability from github – Published: 2025-04-28 15:31 – Updated: 2025-04-28 15:31Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
{
"affected": [],
"aliases": [
"CVE-2025-23375"
],
"database_specific": {
"cwe_ids": [
"CWE-648"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-28T15:15:45Z",
"severity": "HIGH"
},
"details": "Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.",
"id": "GHSA-gw58-q7h6-r9qm",
"modified": "2025-04-28T15:31:41Z",
"published": "2025-04-28T15:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23375"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000311083/dsa-2025-062-security-update-for-dell-powerprotect-data-manager-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H3GC-M3GF-R5PR
Vulnerability from github – Published: 2023-01-20 09:30 – Updated: 2023-01-26 18:30A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} ["%7b%7bvalue%7d%7d"])}]]
{
"affected": [],
"aliases": [
"CVE-2022-20965"
],
"database_specific": {
"cwe_ids": [
"CWE-648"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-20T07:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} [\"%7b%7bvalue%7d%7d\"])}]]",
"id": "GHSA-h3gc-m3gf-r5pr",
"modified": "2023-01-26T18:30:47Z",
"published": "2023-01-20T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20965"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx"
},
{
"type": "WEB",
"url": "https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Before calling privileged APIs, always ensure that the assumptions made by the privileged code hold true prior to making the call.
Mitigation
Know architecture and implementation weaknesses of the privileged APIs and make sure to account for these weaknesses before calling the privileged APIs to ensure that they can be called safely.
Mitigation
If privileged APIs make certain assumptions about data, context or state validity that are passed by the caller, the calling code must ensure that these assumptions have been validated prior to making the call.
Mitigation
If privileged APIs do not shed their privilege prior to returning to the calling code, then calling code needs to shed these privileges immediately and safely right after the call to the privileged APIs. In particular, the calling code needs to ensure that a privileged thread of execution will never be returned to the user or made available to user-controlled processes.
Mitigation
Only call privileged APIs from safe, consistent and expected state.
Mitigation
Ensure that a failure or an error will not leave a system in a state where privileges are not properly shed and privilege escalation is possible (i.e. fail securely with regards to handling of privileges).
CAPEC-107: Cross Site Tracing
Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates to a destination system's web server.
CAPEC-234: Hijacking a privileged process
An adversary gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of privilege in order to execute their own code.