Common Weakness Enumeration

CWE-923

Allowed-with-Review

Improper Restriction of Communication Channel to Intended Endpoints

Abstraction: Class · Status: Incomplete

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

112 vulnerabilities reference this CWE, most recent first.

GHSA-R892-94GP-V735

Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-11 18:32
VLAI
Details

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS).

When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue. 

This issue affects Junos OS Evolved ACX 7000 Series: 

  • All versions before 21.4R3-S9-EVO,
  • 22.2-EVO before 22.2R3-S4-EVO, 
  • 22.3-EVO before 22.3R3-S3-EVO, 
  • 22.4-EVO before 22.4R3-S2-EVO, 
  • 23.2-EVO before 23.2R2-EVO, 
  • 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-11T16:15:08Z",
    "severity": "HIGH"
  },
  "details": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE)\u00a0of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS).\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue.\u00a0\n\n\nThis issue affects Junos OS Evolved ACX 7000 Series:\u00a0\n\n\n\n  *  All versions before 21.4R3-S9-EVO,\n  *  22.2-EVO before 22.2R3-S4-EVO,\u00a0\n  *  22.3-EVO before 22.3R3-S3-EVO,\u00a0\n  *  22.4-EVO before 22.4R3-S2-EVO,\u00a0\n  *  23.2-EVO before 23.2R2-EVO,\u00a0\n  *  23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.",
  "id": "GHSA-r892-94gp-v735",
  "modified": "2024-10-11T18:32:49Z",
  "published": "2024-10-11T18:32:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47490"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA83009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RF49-WJFJ-QP4H

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:18:14Z",
    "severity": "HIGH"
  },
  "details": "Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.",
  "id": "GHSA-rf49-wjfj-qp4h",
  "modified": "2026-03-10T18:31:19Z",
  "published": "2026-03-10T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23664"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23664"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMVV-67VJ-Q642

Vulnerability from github – Published: 2026-05-01 00:31 – Updated: 2026-05-01 00:31
VLAI
Details

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application. Routing release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T00:16:23Z",
    "severity": "MODERATE"
  },
  "details": "Route Services can be leveraged to send app traffic to network destinations outside of an app\u0027s configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application.\nRouting release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0).",
  "id": "GHSA-rmvv-67vj-q642",
  "modified": "2026-05-01T00:31:27Z",
  "published": "2026-05-01T00:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22726"
    },
    {
      "type": "WEB",
      "url": "https://www.cloudfoundry.org/blog/cve-2026-22726-route-services-firewall-bypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V9WW-WGW5-F4F7

Vulnerability from github – Published: 2026-03-20 18:31 – Updated: 2026-04-14 15:30
VLAI
Details

An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.

We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62843"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-20T17:16:42Z",
    "severity": "LOW"
  },
  "details": "An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.6.3.009 and later",
  "id": "GHSA-v9ww-wgw5-f4f7",
  "modified": "2026-04-14T15:30:28Z",
  "published": "2026-03-20T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62843"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-26-12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VC7R-JRPG-M6J5

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27769"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:17:52Z",
    "severity": "LOW"
  },
  "details": "A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions \u003c F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions \u003c L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable.",
  "id": "GHSA-vc7r-jrpg-m6j5",
  "modified": "2026-03-10T18:31:18Z",
  "published": "2026-03-10T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27769"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-126399.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VP9H-P637-9XFW

Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-08-01 15:31
VLAI
Details

Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T15:15:08Z",
    "severity": "HIGH"
  },
  "details": "Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers.",
  "id": "GHSA-vp9h-p637-9xfw",
  "modified": "2024-08-01T15:31:43Z",
  "published": "2024-05-03T15:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34446"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mullvad/mullvadvpn-app/commit/0c39306a40f426853d617e20d596942e41091f13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mullvad/mullvadvpn-app/blob/main/CHANGELOG.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mullvad/mullvadvpn-app/tags"
    },
    {
      "type": "WEB",
      "url": "https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=40247604"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W3GP-GPRX-5VJ8

Vulnerability from github – Published: 2024-09-26 18:31 – Updated: 2024-10-04 21:31
VLAI
Details

The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker to intercept and manipulate messages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47125"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-26T18:15:09Z",
    "severity": "HIGH"
  },
  "details": "The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker to intercept and manipulate messages.",
  "id": "GHSA-w3gp-gprx-5vj8",
  "modified": "2024-10-04T21:31:28Z",
  "published": "2024-09-26T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47125"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W762-77XF-823W

Vulnerability from github – Published: 2024-08-05 06:30 – Updated: 2024-08-07 21:31
VLAI
Details

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41889"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T05:15:39Z",
    "severity": "HIGH"
  },
  "details": "Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.",
  "id": "GHSA-w762-77xf-823w",
  "modified": "2024-08-07T21:31:43Z",
  "published": "2024-08-05T06:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41889"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenMAR/PiTool"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN50850706"
    },
    {
      "type": "WEB",
      "url": "https://pimax.com/pages/downloads-manuals"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WCVF-3X75-J4C6

Vulnerability from github – Published: 2026-06-23 06:30 – Updated: 2026-07-08 15:31
VLAI
Details

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-55655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-23T04:17:40Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session.",
  "id": "GHSA-wcvf-3x75-j4c6",
  "modified": "2026-07-08T15:31:43Z",
  "published": "2026-06-23T06:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55655"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36759"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-55655"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2462250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WH8R-HXHG-W5G2

Vulnerability from github – Published: 2023-06-23 18:30 – Updated: 2024-04-04 05:07
VLAI
Details

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822",
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-23T18:15:10Z",
    "severity": "HIGH"
  },
  "details": "\nNVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. \n\n",
  "id": "GHSA-wh8r-hxhg-w5g2",
  "modified": "2024-04-04T05:07:09Z",
  "published": "2023-06-23T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25515"
    },
    {
      "type": "WEB",
      "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466"
    },
    {
      "type": "WEB",
      "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-161: Infrastructure Manipulation

An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user's login information in order to hijack the actual bank account.

CAPEC-481: Contradictory Destinations in Traffic Routing Schemes

Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.

CAPEC-501: Android Activity Hijack

An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.

CAPEC-697: DHCP Spoofing

An adversary masquerades as a legitimate Dynamic Host Configuration Protocol (DHCP) server by spoofing DHCP traffic, with the goal of redirecting network traffic or denying service to DHCP.