CWE-923
Allowed-with-ReviewImproper Restriction of Communication Channel to Intended Endpoints
Abstraction: Class · Status: Incomplete
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
112 vulnerabilities reference this CWE, most recent first.
GHSA-MF72-879W-MMHR
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-48807"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T18:15:28Z",
"severity": "HIGH"
},
"details": "Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.",
"id": "GHSA-mf72-879w-mmhr",
"modified": "2025-08-12T18:31:30Z",
"published": "2025-08-12T18:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48807"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48807"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MFJ5-2M3J-P83G
Vulnerability from github – Published: 2025-06-12 06:30 – Updated: 2025-06-12 06:30Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.
{
"affected": [],
"aliases": [
"CVE-2025-35978"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-12T06:15:23Z",
"severity": "MODERATE"
},
"details": "Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.",
"id": "GHSA-mfj5-2m3j-p83g",
"modified": "2025-06-12T06:30:28Z",
"published": "2025-06-12T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35978"
},
{
"type": "WEB",
"url": "https://azby.fmworld.net/support/security/information/updatenavi202506"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN17860456"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MFQW-44WG-MRPF
Vulnerability from github – Published: 2024-07-08 12:31 – Updated: 2024-07-11 15:30The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
{
"affected": [],
"aliases": [
"CVE-2024-24974"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-08T11:15:10Z",
"severity": "HIGH"
},
"details": "The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.",
"id": "GHSA-mfqw-44wg-mrpf",
"modified": "2024-07-11T15:30:44Z",
"published": "2024-07-08T12:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24974"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974"
},
{
"type": "WEB",
"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MP2W-H9WF-5497
Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.
{
"affected": [],
"aliases": [
"CVE-2025-22251"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T17:21:08Z",
"severity": "LOW"
},
"details": "An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.",
"id": "GHSA-mp2w-h9wf-5497",
"modified": "2025-06-10T18:32:27Z",
"published": "2025-06-10T18:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22251"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-287"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P2RF-F8C4-3WPM
Vulnerability from github – Published: 2024-02-15 15:30 – Updated: 2024-02-15 15:30Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.
{
"affected": [],
"aliases": [
"CVE-2023-28078"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-15T13:15:44Z",
"severity": "CRITICAL"
},
"details": "\nDell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.\n\n",
"id": "GHSA-p2rf-f8c4-3wpm",
"modified": "2024-02-15T15:30:26Z",
"published": "2024-02-15T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28078"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q6Q7-9HJ5-2656
Vulnerability from github – Published: 2025-04-29 18:30 – Updated: 2025-04-29 18:30CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
{
"affected": [],
"aliases": [
"CVE-2025-23178"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-29T16:15:30Z",
"severity": "HIGH"
},
"details": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"id": "GHSA-q6q7-9hj5-2656",
"modified": "2025-04-29T18:30:58Z",
"published": "2025-04-29T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23178"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q77P-WFV8-75PP
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-49734"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:15:48Z",
"severity": "HIGH"
},
"details": "Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-q77p-wfv8-75pp",
"modified": "2025-09-09T18:31:19Z",
"published": "2025-09-09T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49734"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49734"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QPWC-P365-PQRR
Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2025-04-14 21:05The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "neutron"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "neutron"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-5362"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-14T20:58:57Z",
"nvd_published_at": "2016-06-17T15:59:00Z",
"severity": "HIGH"
},
"details": "The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.",
"id": "GHSA-qpwc-p365-pqrr",
"modified": "2025-04-14T21:05:49Z",
"published": "2022-05-14T02:19:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5362"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:1473"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:1474"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/neutron/+bug/1558658"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/neutron"
},
{
"type": "WEB",
"url": "https://review.openstack.org/#/c/300202"
},
{
"type": "WEB",
"url": "https://review.openstack.org/#/c/303563"
},
{
"type": "WEB",
"url": "https://review.openstack.org/#/c/303572"
},
{
"type": "WEB",
"url": "https://security.openstack.org/ossa/OSSA-2016-009.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism"
}
GHSA-R3G9-3R7F-GG8R
Vulnerability from github – Published: 2025-05-02 15:31 – Updated: 2025-05-02 15:31An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.
{
"affected": [],
"aliases": [
"CVE-2025-32886"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T18:15:55Z",
"severity": "MODERATE"
},
"details": "An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.",
"id": "GHSA-r3g9-3r7f-gg8r",
"modified": "2025-05-02T15:31:44Z",
"published": "2025-05-02T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32886"
},
{
"type": "WEB",
"url": "https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities"
},
{
"type": "WEB",
"url": "https://gotenna.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R6F6-7CF6-C3CG
Vulnerability from github – Published: 2026-02-26 21:31 – Updated: 2026-02-27 18:31VMWare Workstation and Fusion contain a logic flaw in the management of network packets.
Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's.
Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1
{
"affected": [],
"aliases": [
"CVE-2026-22715"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-26T19:32:37Z",
"severity": "MODERATE"
},
"details": "VMWare Workstation and Fusion contain a logic flaw in the management of network packets.\u00a0\n\nKnown attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM\u0027s.\u00a0\n\nResolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1",
"id": "GHSA-r6f6-7cf6-c3cg",
"modified": "2026-02-27T18:31:04Z",
"published": "2026-02-26T21:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22715"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-161: Infrastructure Manipulation
An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user's login information in order to hijack the actual bank account.
CAPEC-481: Contradictory Destinations in Traffic Routing Schemes
Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.
CAPEC-501: Android Activity Hijack
An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.
CAPEC-697: DHCP Spoofing
An adversary masquerades as a legitimate Dynamic Host Configuration Protocol (DHCP) server by spoofing DHCP traffic, with the goal of redirecting network traffic or denying service to DHCP.