CWE-693 (Protection Mechanism Failure) — Vulnerability Class 224

224 vulnerabilities classified as CWE-693 (Protection Mechanism Failure). AI Chinese analysis included.

CWE-693 represents a critical vulnerability where software fails to implement or correctly utilize necessary security controls, leaving systems exposed to directed attacks. This weakness manifests in two primary forms: missing mechanisms, where no defense exists for a specific threat vector, and insufficient mechanisms, where existing safeguards are inadequate or improperly configured. Attackers typically exploit these gaps by bypassing authentication, escalating privileges, or accessing sensitive data that should have been restricted. To mitigate this risk, developers must conduct rigorous threat modeling to identify all potential attack surfaces and ensure comprehensive security controls are in place. Regular code reviews and automated security testing help verify that protection mechanisms function as intended. By adopting a defense-in-depth strategy and validating that every security feature is both present and robust, organizations can significantly reduce the likelihood of exploitation and maintain the integrity of their applications.

MITRE CWE Description
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Common Consequences (1)
Access Control: Bypass Protection Mechanism

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-0297 | Cisco Firepower Threat Defense detection engine security vulnerability — Cisco Firepower Threat Defense Software | 5.8 | - | 2018-05-17 |
| CVE-2018-0326 | Cisco TelePresence Server Software Web UI security vulnerability — Cisco TelePresence Server | 6.1 | - | 2018-05-17 |
| CVE-2018-0250 | Multiple Cisco devices Central Web Authentication security vulnerability — Cisco Aironet Access Points | 4.1 | - | 2018-05-02 |
| CVE-2018-0243 | Cisco Firepower System Software detection engine security vulnerability — Cisco Firepower System Software | 5.8 | - | 2018-04-19 |
| CVE-2018-0244 | Cisco Firepower System Software detection engine security vulnerability — Cisco Firepower System Software | 5.8 | - | 2018-04-19 |
| CVE-2018-0254 | Cisco Firepower System Software detection engine security vulnerability — Cisco Firepower System Software | 5.3 | - | 2018-04-19 |
| CVE-2018-0198 | Cisco Unified Communications Manager information disclosure vulnerability — Cisco Unified Communications Manager | 5.3 | - | 2018-03-27 |
| CVE-2018-7504 | OSIsoft PI Vision cross-site scripting vulnerability — OSIsoft PI Vision | 6.1 | - | 2018-03-14 |
| CVE-2018-1170 | Volkswagen Customer-Link App and HTC Customer-Link Bridge security vulnerability — Volkswagen Customer-Link App | 8.1 | - | 2018-03-02 |
| CVE-2018-0138 | Cisco Firepower System Software detection engine security vulnerability — Cisco Firepower System Software | 5.3 | - | 2018-02-08 |
| CVE-2018-0094 | Cisco UCS Central Software security vulnerability — Cisco UCS Central Software | 7.5 | - | 2018-01-18 |
| CVE-2017-3893 | Incomplete vulnerability mitigations — QNX Software Development Platform (QNX SDP) | 1.9 | Low | 2017-11-14 |
| CVE-2017-10952 | Foxit Reader security vulnerability — Foxit Reader | 8.8 | - | 2017-08-29 |
| CVE-2017-2685 | Siemens SINUMERIK Integrate Operate Clients security vulnerability — SINUMERIK Integrate Operate Clients 2.x and 3.x | 7.4 | - | 2017-03-01 |

Vulnerabilities classified as CWE-693 (Protection Mechanism Failure) represent 224 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.