CWE-273: Improper Check for Dropped Privileges
ID
CWE-273
Abstraction
Base
Structure
Simple
Status
Incomplete
Number of CVEs
23
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. This issue is likely to occur in restrictive environments in which the operating system or application provides fine-grained control over privilege management. |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Not Language-Specific |
Relationships
| View | Weakness | |||||||
|---|---|---|---|---|---|---|---|---|
| # ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
| CWE-1000 | Research Concepts | Draft | CWE-754 | Improper Check for Unusual or Exceptional Conditions | Class | Simple | Incomplete | |
| CWE-1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Incomplete | CWE-754 | Improper Check for Unusual or Exceptional Conditions | Class | Simple | Incomplete | |
| CWE-1000 | Research Concepts | Draft | CWE-271 | Privilege Dropping / Lowering Errors | Class | Simple | Incomplete | |
| CWE-1000 | Research Concepts | Draft | CWE-252 | Unchecked Return Value | Base | Simple | Draft | |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...