The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,836 vulnerabilities with CWE-269
CVE-2020-26077
MEDIUM
Cisco IoT Field Network Director < 4.6.1 - Authenticated Improper Access Control via API Request
CVSS 4.3
CVE-2020-26072
HIGH
Cisco IoT Field Network Director < 4.6.1 - Authenticated Improper Access Control via SOAP API
CVSS 8.7
CVE-2020-8269
HIGH
Citrix Virtual Apps and Desktops < 2009, 1912 LTSR CU1, 7.15 LTSR CU6, 7.6 LTSR CU9 - Privilege Escalation to SYSTEM
CVSS 8.8
CVE-2020-13638
CRITICAL
rconfig 3.9.0-3.9.6 - Unauthenticated Authentication Bypass and Administrator Account Creation
CVSS 9.8
CVE-2020-2022
HIGH
Palo Alto Networks PAN-OS 8.1 < 8.1.17 - Privilege Escalation via Context Switch Token Exposure
CVSS 7.5
CVE-2020-16993
MEDIUM
Azure Sphere < 20.08 - Elevation of Privilege
CVSS 5.4
CVE-2020-16126
LOW
accountsservice < 0.6.55 - Denial of Service via Improper Privilege Management
CVSS 3.3
CVE-2020-16122
HIGH
PackageKit - Improper Privilege Management via APT Backend
CVSS 8.2
CVE-2020-3600
HIGH
Cisco SD-WAN Software - Privilege Escalation
CVSS 7.8
CVE-2020-3595
HIGH
Cisco SD-WAN < 20.1.2 - Authenticated Privilege Escalation via Incorrect Command Permissions
CVSS 7.8
CVE-2020-3594
HIGH
Cisco SD-WAN < 20.1.2 - Authenticated Privilege Escalation via Command Options
CVSS 7.8
CVE-2020-3593
HIGH
Cisco SD-WAN < 20.1.2 - Authenticated Privilege Escalation via Crafted Utility Request
CVSS 7.8
CVE-2020-27122
MEDIUM
Cisco Identity Services Engine < 3.0.0 - Authenticated Privilege Escalation via Active Directory Integration
CVSS 6.7
CVE-2020-28046
HIGH
ProlinOS < 2.4.161.8859r - Local Privilege Escalation via xtables-multi ip6tables --modprobe
CVSS 7.8
CVE-2020-27655
MEDIUM
Synology Router Manager < 1.2.4-8081 - Info Disclosure
CVSS 6.5
CVE-2020-27654
CRITICAL
Synology Router Manager < 1.2.4-8081 - RCE
CVSS 9.8
CVE-2020-16262
HIGH
Winston 1.5.4 - Local Privilege Escalation via Overly Permissioned www-data User
CVSS 7.8
CVE-2020-7125
HIGH
Aruba Airwave Glass < 1.3.2 - Remote Privilege Escalation
CVSS 8.8
CVE-2020-24848
HIGH
FruityWifi < 2.4 - Local Privilege Escalation via Unsafe Sudo Configuration
CVSS 7.8
CVE-2020-7020
LOW
Elasticsearch < 6.8.13 - Document Disclosure via Complex Query Permission Bypass
CVSS 3.1
CVE-2020-9112
HIGH
Huawei Taurus-AN00B Firmware < 10.1.0.156(C00E155R7P2) - Privilege Escalation via Unrestricted Business Function Access
CVSS 7.8
CVE-2020-16940
HIGH
Windows - Privilege Escalation via User Profile Service Junction Point Handling
CVSS 7.8
CVE-2020-16902
HIGH
Windows - Privilege Escalation via Insecure Library Loading
CVSS 7.8
CVE-2020-7334
HIGH
McAfee Application and Change Control < 8.3.2 - Improper Privilege Assignment via MSI Installer
CVSS 7.7
CVE-2020-7330
HIGH
McAfee Total Protection < 4.0.176.1 - Privilege Escalation via Environment Variable Manipulation
CVSS 7.5
Exploit Likelihood: Medium