CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,838 vulnerabilities with CWE-269
CVE-2017-7803 HIGH
Red Hat Enterprise Linux Desktop - Improper Privilege Management
CVSS 7.5
CVE-2017-7782 MEDIUM
Firefox < 55 and Thunderbird < 52.3 - DEP Bypass via WindowsDllDetourPatcher
CVSS 5.3
CVE-2017-7767 MEDIUM
Firefox < 54 - Unauthenticated Arbitrary File Overwrite via Maintenance Service
CVSS 5.5
CVE-2017-5409 MEDIUM
Mozilla Windows Updater - Local File Deletion
CVSS 5.5
CVE-2017-14187 MEDIUM
Fortinet FortiOS <5.6.3 - Privilege Escalation
CVSS 6.2
CVE-2017-0358 HIGH
Debian/Ubuntu ntfs-3g Local Privilege Escalation
CVSS 7.8
CVE-2017-5703 MEDIUM
Intel Xeon 5119T and Core i7 Processors - Denial of Service via SPI Flash Configuration
CVSS 6.0
CVE-2017-0935 HIGH
Ubiquiti Networks EdgeOS <1.9.1.1 - Privilege Escalation
CVSS 8.8
CVE-2017-0934 HIGH
Ubiquiti Networks EdgeOS <1.9.1 - Privilege Escalation
CVSS 8.8
CVE-2017-0932 HIGH
Ubiquiti Networks EdgeOS <1.9.1.1 - Privilege Escalation
CVSS 8.8
CVE-2017-5736 HIGH
Intel Software Guard Extensions Platform Software Component < 1.9.105.42329 - Privilege Escalation
CVSS 8.8
CVE-2017-8187 HIGH
Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) - Privilege Escalation via Certificate Access
CVSS 7.2
CVE-2017-6152 MEDIUM
F5 BIG-IQ Centralized Management 5.1.0-5.2.0 - Improper Privilege Management via Access Manager Role
CVSS 6.7
CVE-2017-10690 MEDIUM
Puppet Agent < 5.3.4 and Puppet Enterprise < 2017.3.4 - Improper Privilege Management
CVSS 6.5
CVE-2017-10689 MEDIUM
Puppet < 5.3.4 and Puppet Enterprise < 2016.4.10 - Improper Privilege Management
CVSS 5.5
CVE-2017-15536 HIGH
Cloudera Data Science Workbench 1.0.0-1.1.9 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2017-1493 MEDIUM
IBM UrbanCode Deploy 6.1-6.2 - Authenticated Improper Privilege Management
CVSS 5.4
CVE-2017-9944 CRITICAL
Siemens 7KT PAC1200 Data Manager < V2.03 - Unauthenticated Privilege Escalation via Web Server
CVSS 9.8
CVE-2017-5254 HIGH
Cambium Networks ePMP <3.5 - Privilege Escalation
CVSS 8.8
CVE-2017-14380 MEDIUM
EMC Isilon OneFS <8.1.0.0 - Privilege Escalation
CVSS 6.7
CVE-2017-11319 HIGH
Perspective ICM Investigation & Case 5.1.1.16 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2017-17384 HIGH
ISPConfig 3.x <3.1.9 - Privilege Escalation
CVSS 8.8
CVE-2017-13165 MEDIUM
Android Kernel - Elevation of Privilege in File System
CVSS 5.3
CVE-2017-15055 HIGH
TeamPass < 2.1.27.9 - Authenticated Improper Privilege Management via items.queries.php
CVSS 8.1
CVE-2017-15053 MEDIUM
TeamPass < 2.1.27.9 - Authenticated Privilege Escalation via roles.queries.php ID Parameter Tampering
CVSS 4.9