Common Weakness Enumeration

CWE-923

Allowed-with-Review

Improper Restriction of Communication Channel to Intended Endpoints

Abstraction: Class · Status: Incomplete

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

112 vulnerabilities reference this CWE, most recent first.

GHSA-MF72-879W-MMHR

Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31
VLAI
Details

Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T18:15:28Z",
    "severity": "HIGH"
  },
  "details": "Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.",
  "id": "GHSA-mf72-879w-mmhr",
  "modified": "2025-08-12T18:31:30Z",
  "published": "2025-08-12T18:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48807"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48807"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MFJ5-2M3J-P83G

Vulnerability from github – Published: 2025-06-12 06:30 – Updated: 2025-06-12 06:30
VLAI
Details

Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-35978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-12T06:15:23Z",
    "severity": "MODERATE"
  },
  "details": "Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.",
  "id": "GHSA-mfj5-2m3j-p83g",
  "modified": "2025-06-12T06:30:28Z",
  "published": "2025-06-12T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35978"
    },
    {
      "type": "WEB",
      "url": "https://azby.fmworld.net/support/security/information/updatenavi202506"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN17860456"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MFQW-44WG-MRPF

Vulnerability from github – Published: 2024-07-08 12:31 – Updated: 2024-07-11 15:30
VLAI
Details

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-08T11:15:10Z",
    "severity": "HIGH"
  },
  "details": "The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.",
  "id": "GHSA-mfqw-44wg-mrpf",
  "modified": "2024-07-11T15:30:44Z",
  "published": "2024-07-08T12:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24974"
    },
    {
      "type": "WEB",
      "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974"
    },
    {
      "type": "WEB",
      "url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MP2W-H9WF-5497

Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32
VLAI
Details

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T17:21:08Z",
    "severity": "LOW"
  },
  "details": "An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.",
  "id": "GHSA-mp2w-h9wf-5497",
  "modified": "2025-06-10T18:32:27Z",
  "published": "2025-06-10T18:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22251"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-287"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P2RF-F8C4-3WPM

Vulnerability from github – Published: 2024-02-15 15:30 – Updated: 2024-02-15 15:30
VLAI
Details

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-15T13:15:44Z",
    "severity": "CRITICAL"
  },
  "details": "\nDell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.\n\n",
  "id": "GHSA-p2rf-f8c4-3wpm",
  "modified": "2024-02-15T15:30:26Z",
  "published": "2024-02-15T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28078"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6Q7-9HJ5-2656

Vulnerability from github – Published: 2025-04-29 18:30 – Updated: 2025-04-29 18:30
VLAI
Details

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-29T16:15:30Z",
    "severity": "HIGH"
  },
  "details": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
  "id": "GHSA-q6q7-9hj5-2656",
  "modified": "2025-04-29T18:30:58Z",
  "published": "2025-04-29T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23178"
    },
    {
      "type": "WEB",
      "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q77P-WFV8-75PP

Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31
VLAI
Details

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-09T17:15:48Z",
    "severity": "HIGH"
  },
  "details": "Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-q77p-wfv8-75pp",
  "modified": "2025-09-09T18:31:19Z",
  "published": "2025-09-09T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49734"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49734"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QPWC-P365-PQRR

Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2025-04-14 21:05
VLAI
Summary
OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism
Details

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "neutron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "neutron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-5362"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-14T20:58:57Z",
    "nvd_published_at": "2016-06-17T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.",
  "id": "GHSA-qpwc-p365-pqrr",
  "modified": "2025-04-14T21:05:49Z",
  "published": "2022-05-14T02:19:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5362"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:1473"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:1474"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/neutron/+bug/1558658"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/neutron"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/300202"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/303563"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/303572"
    },
    {
      "type": "WEB",
      "url": "https://security.openstack.org/ossa/OSSA-2016-009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/06/10/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/06/10/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism"
}

GHSA-R3G9-3R7F-GG8R

Vulnerability from github – Published: 2025-05-02 15:31 – Updated: 2025-05-02 15:31
VLAI
Details

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T18:15:55Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.",
  "id": "GHSA-r3g9-3r7f-gg8r",
  "modified": "2025-05-02T15:31:44Z",
  "published": "2025-05-02T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32886"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://gotenna.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R6F6-7CF6-C3CG

Vulnerability from github – Published: 2026-02-26 21:31 – Updated: 2026-02-27 18:31
VLAI
Details

VMWare Workstation and Fusion contain a logic flaw in the management of network packets. 

Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM's. 

Resolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22715"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-26T19:32:37Z",
    "severity": "MODERATE"
  },
  "details": "VMWare Workstation and Fusion contain a logic flaw in the management of network packets.\u00a0\n\nKnown attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network connections of other Guest VM\u0027s.\u00a0\n\nResolution: To remediate CVE-2026-22715 please upgrade to VMware Workstation or Fusion Version 25H2U1",
  "id": "GHSA-r6f6-7cf6-c3cg",
  "modified": "2026-02-27T18:31:04Z",
  "published": "2026-02-26T21:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22715"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-161: Infrastructure Manipulation

An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user's login information in order to hijack the actual bank account.

CAPEC-481: Contradictory Destinations in Traffic Routing Schemes

Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.

CAPEC-501: Android Activity Hijack

An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.

CAPEC-697: DHCP Spoofing

An adversary masquerades as a legitimate Dynamic Host Configuration Protocol (DHCP) server by spoofing DHCP traffic, with the goal of redirecting network traffic or denying service to DHCP.