Common Weakness Enumeration

CWE-923

Allowed-with-Review

Improper Restriction of Communication Channel to Intended Endpoints

Abstraction: Class · Status: Incomplete

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

112 vulnerabilities reference this CWE, most recent first.

GHSA-2768-785Q-97PF

Vulnerability from github – Published: 2024-06-19 09:31 – Updated: 2024-07-03 18:45
VLAI
Details

Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T07:15:46Z",
    "severity": "MODERATE"
  },
  "details": "Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed.",
  "id": "GHSA-2768-785q-97pf",
  "modified": "2024-07-03T18:45:50Z",
  "published": "2024-06-19T09:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36252"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN00442488"
    },
    {
      "type": "WEB",
      "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2RV4-2R9C-4Q9R

Vulnerability from github – Published: 2023-06-23 18:30 – Updated: 2024-04-04 05:07
VLAI
Details

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-23T18:15:10Z",
    "severity": "MODERATE"
  },
  "details": "\nNVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. \n\n",
  "id": "GHSA-2rv4-2r9c-4q9r",
  "modified": "2024-04-04T05:07:11Z",
  "published": "2023-06-23T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25518"
    },
    {
      "type": "WEB",
      "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2VX9-P4FJ-XXQ6

Vulnerability from github – Published: 2025-06-04 18:30 – Updated: 2025-06-04 18:30
VLAI
Details

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.

This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20261"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-04T17:15:26Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\n\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.",
  "id": "GHSA-2vx9-p4fj-xxq6",
  "modified": "2025-06-04T18:30:58Z",
  "published": "2025-06-04T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20261"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3VCW-XHQC-97MH

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2025-05-22 18:31
VLAI
Details

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-03T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.",
  "id": "GHSA-3vcw-xhqc-97mh",
  "modified": "2025-05-22T18:31:08Z",
  "published": "2022-05-13T01:35:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10596"
    },
    {
      "type": "WEB",
      "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3VJ4-CVJP-482H

Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2025-04-14 21:06
VLAI
Summary
OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism
Details

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "neutron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "neutron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-8914"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-14T21:03:46Z",
    "nvd_published_at": "2016-06-17T15:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.",
  "id": "GHSA-3vj4-cvjp-482h",
  "modified": "2025-04-14T21:06:09Z",
  "published": "2022-05-14T02:19:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8914"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:1473"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:1474"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/neutron/+bug/1502933"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/neutron"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/300233"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/310648"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/310652"
    },
    {
      "type": "WEB",
      "url": "https://security.openstack.org/ossa/OSSA-2016-009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/06/10/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/06/10/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism"
}

GHSA-3VMP-5673-67P4

Vulnerability from github – Published: 2025-01-30 12:31 – Updated: 2025-01-30 12:31
VLAI
Details

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43916"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862",
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-30T12:15:26Z",
    "severity": "MODERATE"
  },
  "details": "IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.",
  "id": "GHSA-3vmp-5673-67p4",
  "modified": "2025-01-30T12:31:19Z",
  "published": "2025-01-30T12:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43916"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7181916"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4CRJ-QC6G-G3XJ

Vulnerability from github – Published: 2026-06-18 15:32 – Updated: 2026-06-18 15:32
VLAI
Details

Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-18T14:17:20Z",
    "severity": "MODERATE"
  },
  "details": "Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.",
  "id": "GHSA-4crj-qc6g-g3xj",
  "modified": "2026-06-18T15:32:02Z",
  "published": "2026-06-18T15:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12039"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/ai/sandboxes"
    },
    {
      "type": "WEB",
      "url": "https://github.com/docker/sbx-releases/releases/tag/v0.33.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4FPQ-5JRJ-PHCG

Vulnerability from github – Published: 2026-07-14 18:31 – Updated: 2026-07-14 18:31
VLAI
Details

A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-59841"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T16:17:03Z",
    "severity": "HIGH"
  },
  "details": "A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via \u003cinsert attack vector here\u003e",
  "id": "GHSA-4fpq-5jrj-phcg",
  "modified": "2026-07-14T18:31:56Z",
  "published": "2026-07-14T18:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59841"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5V3R-FF3V-F3Q4

Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33
VLAI
Details

Sudo for Windows Spoofing Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-08T18:15:24Z",
    "severity": "MODERATE"
  },
  "details": "Sudo for Windows Spoofing Vulnerability",
  "id": "GHSA-5v3r-ff3v-f3q4",
  "modified": "2024-10-08T18:33:16Z",
  "published": "2024-10-08T18:33:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43571"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43571"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6VV3-869F-RHV7

Vulnerability from github – Published: 2025-02-13 00:33 – Updated: 2025-02-13 00:33
VLAI
Details

Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39271"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-12T22:15:35Z",
    "severity": "LOW"
  },
  "details": "Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killer\u00e2\u201e\u00a2 WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.",
  "id": "GHSA-6vv3-869f-rhv7",
  "modified": "2025-02-13T00:33:06Z",
  "published": "2025-02-13T00:33:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39271"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-161: Infrastructure Manipulation

An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user's login information in order to hijack the actual bank account.

CAPEC-481: Contradictory Destinations in Traffic Routing Schemes

Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.

CAPEC-501: Android Activity Hijack

An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.

CAPEC-697: DHCP Spoofing

An adversary masquerades as a legitimate Dynamic Host Configuration Protocol (DHCP) server by spoofing DHCP traffic, with the goal of redirecting network traffic or denying service to DHCP.