
CWE-266 (Incorrect Privilege Assignment) — Vulnerability Class, 382 CVEs

382 vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment). AI-generated Chinese analysis included.

CWE-266 is an access control weakness in which a product assigns an actor a privilege it was not meant to have, giving that actor an unintended sphere of control. It covers both privilege granted to users (a role or permission set that is too broad, a default account with administrative rights, a check that maps the wrong role to an operation) and privilege held by the product itself (a process or component that runs with more capability than its task needs). Because the privilege is already assigned, an attacker usually does not have to defeat a check: they exercise an account, API or process that the product handed more authority than intended and reach restricted data or administrative functions. The mitigations are therefore structural: decide explicitly which trust zone each actor and component belongs to, enforce authorization in one central place on the server rather than in client-side code, grant each actor only the minimum privilege its task requires, and give up elevated privilege permanently once it is no longer needed. Code review and automated testing of the privilege model (who may do what, and which process runs as whom) catch incorrect assignments before deployment.

MITRE CWE Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Common Consequences (1)
Scope: Access Control · Impact: Gain Privileges or Assume Identity
A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.
Mitigations (2)
Phase: Architecture and Design, Operation · Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phase: Architecture and Design, Operation · Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad…
Examples (2)
The following example demonstrates the weakness. The process raises its effective UID to root, does its work, then lowers the effective UID again; because the saved set-user-ID stays 0, root privilege is only parked, not given up, and any later bug can call seteuid(0) to get it back.

    seteuid(0);
    /* do some stuff */
    seteuid(getuid());

Bad · C
The following example demonstrates the weakness. doPrivileged runs the block with the full permissions of the calling code, regardless of the (possibly lesser) permissions of callers further up the stack, so everything inside the block executes with elevated privilege.

    AccessController.doPrivileged(new PrivilegedAction() {
        public Object run() {
            // privileged code goes here, for example:
            System.loadLibrary("awt");
            return null; // nothing to return
        }
    });

Bad · Java
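The mitigation above ("run your code using the lowest privileges that are required") is the fix for the first example: instead of parking root with seteuid() and hoping nothing regains it, a set-user-ID program should drop real, effective and saved IDs together and then prove the drop worked. The helper below is an added example written for this page; it is not MITRE's code and not taken from any product in the CVE list. It assumes Linux (setresuid/setresgid/getresuid), and the "nobody" identity 65534 used when running as root is an assumption about the target system.

```c
/* Added example: permanent privilege drop for a set-user-ID program,
 * with a self-check. Not code from MITRE or from any product listed
 * on this page. Assumes Linux; UID/GID 65534 ("nobody") is an assumption. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Prototypes for the GNU extensions, in case a system header was already
 * included before _GNU_SOURCE took effect. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* Drop to (uid, gid) permanently. Returns 0 on success, -1 with errno set.
 * Order matters: supplementary groups and the GID must change before the
 * UID, because once the UID is unprivileged the process may no longer
 * change its groups. All three IDs (real, effective, saved) are set, which
 * is what the seteuid(0)/seteuid(getuid()) pattern fails to do. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Only a privileged process may clear supplementary groups. */
        if (setgroups(0, NULL) != 0)
            return -1;
    }
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    return 0;
}

/* Verify the drop. Returns 1 if the process holds exactly (uid, gid) and can
 * no longer become root, 0 if it can still regain root, -1 on any mismatch.
 * An unverified drop is exactly the CWE-266 situation: the code believes it
 * is unprivileged while the kernel still lets it act as root. */
int verify_privileges_dropped(uid_t uid, gid_t gid)
{
    uid_t ruid, euid, suid;
    gid_t rgid, egid, sgid;

    if (getresuid(&ruid, &euid, &suid) != 0 || getresgid(&rgid, &egid, &sgid) != 0)
        return -1;
    if (ruid != uid || euid != uid || suid != uid ||
        rgid != gid || egid != gid || sgid != gid)
        return -1;
    if (uid == 0)
        return 0;   /* caller asked to stay root: nothing was dropped */

    /* The real test: an attempt to regain root must fail with EPERM. */
    if (seteuid(0) == 0)
        return 0;
    return errno == EPERM ? 1 : -1;
}

/* Choose an unprivileged identity: "nobody" (65534, an assumption about the
 * system) when running as root, otherwise the caller's own real IDs. */
void choose_unprivileged_identity(uid_t *uid, gid_t *gid)
{
    if (geteuid() == 0) {
        *uid = 65534;
        *gid = 65534;
    } else {
        *uid = getuid();
        *gid = getgid();
    }
}

int main(void)
{
    uid_t uid;
    gid_t gid;

    choose_unprivileged_identity(&uid, &gid);
    if (drop_privileges_permanently(uid, gid) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    int ok = verify_privileges_dropped(uid, gid);
    printf("uid=%u gid=%u root regainable: %s\n",
           (unsigned)uid, (unsigned)gid, ok == 1 ? "no" : "YES");
    return ok == 1 ? 0 : 1;
}
```

Run it as an ordinary user and it drops to your own IDs and confirms that seteuid(0) is refused; run it as root and it drops to 65534 first. A privileged program should call the drop as early as possible (right after the one operation that needed root, such as binding a low port or opening a protected file) and treat a failed verification as fatal rather than continuing.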
CVE ID | Title | Product | CVSS | Severity | Published
(a dash in the Severity column means the page lists no rating)
CVE-2022-20819 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability | Cisco Identity Services Engine Software | 6.5 | Medium | 2022-06-15
CVE-2022-20759 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Privilege Escalation Vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 8.8 | High | 2022-05-03
CVE-2022-20681 | Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability | Cisco IOS XE Software | 7.8 | High | 2022-04-15
CVE-2022-20782 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability | Cisco Identity Services Engine Software | 6.5 | Medium | 2022-04-06
CVE-2022-1225 | Incorrect Privilege Assignment in phpipam/phpipam | phpipam/phpipam | 6.5 | - | 2022-04-04
CVE-2021-40124 | Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability | Cisco AnyConnect Secure Mobility Client | 6.7 | Medium | 2021-11-04
CVE-2021-40123 | Cisco Identity Services Engine File Download Vulnerability | Cisco Identity Services Engine Software | 4.3 | Medium | 2021-10-21
CVE-2021-36097 | Agents are able to lock the ticket without the "Owner" permission | OTRS | 3.5 | Low | 2021-10-18
CVE-2021-1594 | Cisco Identity Services Engine Privilege Escalation Vulnerability | Cisco Identity Services Engine Software | 7.5 | High | 2021-10-06
CVE-2021-20264 | Red Hat ubi8/openjdk-11 security vulnerability | containers/openjdk | 7.8 | - | 2021-10-06
CVE-2021-1572 | ConfD CLI Secure Shell Server Privilege Escalation Vulnerability | Cisco ConfD | 7.8 | High | 2021-08-04
CVE-2020-1742 | Kubernetes security vulnerability | nmstate/kubernetes-nmstate-handler | 7.0 | - | 2021-06-07
CVE-2020-35514 | OpenShift security vulnerability | openshift/machine-config-operator | 7.0 | - | 2021-06-02
CVE-2020-10695 | Red Hat Single Sign-On security vulnerability | containers/redhat-sso-7 | 7.8 | - | 2021-05-26
CVE-2021-20208 | SUSE Linux Enterprise Server security vulnerability | cifs-utils | 6.4 | - | 2021-04-19
CVE-2019-19354 | Red Hat OpenShift security vulnerability | operator-framework/hadoop | 7.8 | - | 2021-03-24
CVE-2019-19353 | Red Hat OpenShift Container Platform security vulnerability | operator-framework/hive | 7.0 | - | 2021-03-24
CVE-2019-19352 | Red Hat OpenShift security vulnerability | operator-framework/presto | 7.0 | - | 2021-03-24
CVE-2019-19350 | Red Hat OpenShift Container Platform security vulnerability | openshift/ansible-service-broker | 7.8 | - | 2021-03-24
CVE-2019-19349 | Red Hat OpenShift Container Platform security vulnerability | operator-framework/operator-metering | 7.8 | - | 2021-03-24
CVE-2021-1412 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities | Cisco Identity Services Engine Software | 6.5 | Medium | 2021-02-17
CVE-2021-1416 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities | Cisco Identity Services Engine Software | 6.5 | Medium | 2021-02-17
CVE-2020-16120 | Unprivileged overlay + shiftfs read access | Linux kernel | 5.1 | Medium | 2021-02-10
CVE-2021-1303 | Cisco DNA Center Privilege Escalation Vulnerability | Cisco Digital Network Architecture Center (DNA Center) | 8.8 | - | 2021-01-20
CVE-2020-14318 | Samba security vulnerability | samba | 4.3 | - | 2020-12-03
CVE-2020-27122 | Cisco Identity Services Engine Privilege Escalation Vulnerability | Cisco Identity Services Engine Software | 6.7 | - | 2020-11-06
CVE-2020-26182 | Dell EMC NetWorker security vulnerability | NetWorker | 6.8 | Medium | 2020-10-16
CVE-2020-7334 | Improper privilege assignment vulnerability in the installer component of MACC | McAfee Application and Change Control (MACC) | 7.7 | High | 2020-10-15
CVE-2020-7018 | Elasticsearch Elastic Enterprise Search security vulnerability | Elastic Enterprise Search | 8.8 | - | 2020-08-18
CVE-2020-7014 | Elasticsearch security vulnerability | Elasticsearch | 8.8 | - | 2020-06-03

Vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment) number 382 CVEs. The CWE taxonomy describes the weakness class; review the individual CVEs for product-specific impact.