CWE-923
Allowed-with-ReviewImproper Restriction of Communication Channel to Intended Endpoints
Abstraction: Class · Status: Incomplete
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
112 vulnerabilities reference this CWE, most recent first.
GHSA-2768-785Q-97PF
Vulnerability from github – Published: 2024-06-19 09:31 – Updated: 2024-07-03 18:45Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed.
{
"affected": [],
"aliases": [
"CVE-2024-36252"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T07:15:46Z",
"severity": "MODERATE"
},
"details": "Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed.",
"id": "GHSA-2768-785q-97pf",
"modified": "2024-07-03T18:45:50Z",
"published": "2024-06-19T09:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36252"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN00442488"
},
{
"type": "WEB",
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2RV4-2R9C-4Q9R
Vulnerability from github – Published: 2023-06-23 18:30 – Updated: 2024-04-04 05:07NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.
{
"affected": [],
"aliases": [
"CVE-2023-25518"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-23T18:15:10Z",
"severity": "MODERATE"
},
"details": "\nNVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. \n\n",
"id": "GHSA-2rv4-2r9c-4q9r",
"modified": "2024-04-04T05:07:11Z",
"published": "2023-06-23T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25518"
},
{
"type": "WEB",
"url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2VX9-P4FJ-XXQ6
Vulnerability from github – Published: 2025-06-04 18:30 – Updated: 2025-06-04 18:30A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.
This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.
{
"affected": [],
"aliases": [
"CVE-2025-20261"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-04T17:15:26Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\n\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.",
"id": "GHSA-2vx9-p4fj-xxq6",
"modified": "2025-06-04T18:30:58Z",
"published": "2025-06-04T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20261"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VCW-XHQC-97MH
Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2025-05-22 18:31Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.
{
"affected": [],
"aliases": [
"CVE-2018-10596"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-03T01:29:00Z",
"severity": "HIGH"
},
"details": "Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.",
"id": "GHSA-3vcw-xhqc-97mh",
"modified": "2025-05-22T18:31:08Z",
"published": "2022-05-13T01:35:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10596"
},
{
"type": "WEB",
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VJ4-CVJP-482H
Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2025-04-14 21:06The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "neutron"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "neutron"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-8914"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-14T21:03:46Z",
"nvd_published_at": "2016-06-17T15:59:00Z",
"severity": "CRITICAL"
},
"details": "The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.",
"id": "GHSA-3vj4-cvjp-482h",
"modified": "2025-04-14T21:06:09Z",
"published": "2022-05-14T02:19:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8914"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:1473"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:1474"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/neutron/+bug/1502933"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/neutron"
},
{
"type": "WEB",
"url": "https://review.openstack.org/#/c/300233"
},
{
"type": "WEB",
"url": "https://review.openstack.org/#/c/310648"
},
{
"type": "WEB",
"url": "https://review.openstack.org/#/c/310652"
},
{
"type": "WEB",
"url": "https://security.openstack.org/ossa/OSSA-2016-009.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism"
}
GHSA-3VMP-5673-67P4
Vulnerability from github – Published: 2025-01-30 12:31 – Updated: 2025-01-30 12:31IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.
{
"affected": [],
"aliases": [
"CVE-2022-43916"
],
"database_specific": {
"cwe_ids": [
"CWE-862",
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-30T12:15:26Z",
"severity": "MODERATE"
},
"details": "IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.",
"id": "GHSA-3vmp-5673-67p4",
"modified": "2025-01-30T12:31:19Z",
"published": "2025-01-30T12:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43916"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7181916"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4CRJ-QC6G-G3XJ
Vulnerability from github – Published: 2026-06-18 15:32 – Updated: 2026-06-18 15:32Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
{
"affected": [],
"aliases": [
"CVE-2026-12039"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-18T14:17:20Z",
"severity": "MODERATE"
},
"details": "Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.",
"id": "GHSA-4crj-qc6g-g3xj",
"modified": "2026-06-18T15:32:02Z",
"published": "2026-06-18T15:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12039"
},
{
"type": "WEB",
"url": "https://docs.docker.com/ai/sandboxes"
},
{
"type": "WEB",
"url": "https://github.com/docker/sbx-releases/releases/tag/v0.33.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4FPQ-5JRJ-PHCG
Vulnerability from github – Published: 2026-07-14 18:31 – Updated: 2026-07-14 18:31A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via
{
"affected": [],
"aliases": [
"CVE-2026-59841"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T16:17:03Z",
"severity": "HIGH"
},
"details": "A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via \u003cinsert attack vector here\u003e",
"id": "GHSA-4fpq-5jrj-phcg",
"modified": "2026-07-14T18:31:56Z",
"published": "2026-07-14T18:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59841"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5V3R-FF3V-F3Q4
Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33{
"affected": [],
"aliases": [
"CVE-2024-43571"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T18:15:24Z",
"severity": "MODERATE"
},
"details": "Sudo for Windows Spoofing Vulnerability",
"id": "GHSA-5v3r-ff3v-f3q4",
"modified": "2024-10-08T18:33:16Z",
"published": "2024-10-08T18:33:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43571"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43571"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6VV3-869F-RHV7
Vulnerability from github – Published: 2025-02-13 00:33 – Updated: 2025-02-13 00:33Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
{
"affected": [],
"aliases": [
"CVE-2024-39271"
],
"database_specific": {
"cwe_ids": [
"CWE-923"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T22:15:35Z",
"severity": "LOW"
},
"details": "Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killer\u00e2\u201e\u00a2 WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.",
"id": "GHSA-6vv3-869f-rhv7",
"modified": "2025-02-13T00:33:06Z",
"published": "2025-02-13T00:33:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39271"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-161: Infrastructure Manipulation
An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user's login information in order to hijack the actual bank account.
CAPEC-481: Contradictory Destinations in Traffic Routing Schemes
Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.
CAPEC-501: Android Activity Hijack
An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.
CAPEC-697: DHCP Spoofing
An adversary masquerades as a legitimate Dynamic Host Configuration Protocol (DHCP) server by spoofing DHCP traffic, with the goal of redirecting network traffic or denying service to DHCP.