目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CWE-250 带着不必要的权限执行 类漏洞列表 245

CWE-250 带着不必要的权限执行 类弱点 245 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-250指程序以高于实际所需的最小权限级别执行操作。这种过度授权不仅可能直接引发权限提升漏洞,还会放大其他安全缺陷的后果。攻击者常利用此弱点,通过触发特定功能获取更高系统控制权,从而执行恶意代码或窃取敏感数据。开发者应遵循最小权限原则,在代码中严格限制进程权限,确保仅授予完成任务所必需的最低特权,从而降低潜在安全风险。

MITRE CWE 官方描述
CWE:CWE-250 Execution with Unnecessary Privileges 英文:The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
常见影响 (1)
Confidentiality, Integrity, Availability, Access ControlGain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Read Application Data, DoS: Crash, Exit, or Restart
An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data. New weaknesses can be exposed because running with extra privileges, such as root or Administrator, can disable t…
缓解措施 (5)
Architecture and Design, OperationRun your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad…
Architecture and DesignIdentify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting …
Architecture and DesignIdentify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting …
ImplementationPerform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
ImplementationWhen dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
代码示例 (2)
This code temporarily raises the program's privileges to allow creation of a new user folder.
def makeNewUserDir(username): if invalidUsername(username): #avoid CWE-22 and CWE-78 print('Usernames cannot contain invalid characters') return False try: raisePrivileges() os.mkdir('/home/' + username) lowerPrivileges() except OSError: print('Unable to create new user directory for user:' + username) return False return True
Bad · Python
The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.
chroot(APP_HOME); chdir("/"); FILE* data = fopen(argv[1], "r+"); ...
Bad · C
CVE ID标题CVSS风险等级Published
CVE-2023-32080 Wings 安全漏洞 — wings 9.1 Critical2023-05-10
CVE-2023-1966 Illumina Universal Copy Service 安全漏洞 — iScan Control Software 7.4 High2023-04-28
CVE-2023-0664 QEMU Guest Agent 安全漏洞 — QEMU 7.8 -2023-03-29
CVE-2022-34384 Dell SupportAssist Client 安全漏洞 — SupportAssist Client Consumer 7.8 High2023-02-10
CVE-2022-41290 IBM AIX 安全漏洞 — AIX 8.4 High2022-12-23
CVE-2022-43553 Ubiquiti EdgeRouters 安全漏洞 — EdgeMAX EdgeRouter 8.8 -2022-12-05
CVE-2022-3088 MOXA ARM-Based Computers 安全漏洞 — UC-8100A-ME-T System Imaage 7.8 High2022-11-22
CVE-2022-41950 Super Xray 安全漏洞 — super-xray 6.4 Medium2022-11-22
CVE-2022-22239 Juniper Networks Junos OS 安全漏洞 — Junos OS Evolved 8.2 High2022-10-18
CVE-2022-40182 多款Siemens产品安全漏洞 — Desigo PXM30-1 7.3 -2022-10-11
CVE-2022-2634 Digi ConnectPort X2D 安全漏洞 — ConnectPort X2D 10.0 Critical2022-08-09
CVE-2022-1744 Dominion Voting Systems ImageCast X 安全漏洞 — ImageCast X application 6.8 -2022-06-24
CVE-2022-1517 Illumina Local Run Manager 代码注入漏洞 — NextSeq 550Dx 10.0 Critical2022-06-24
CVE-2022-32535 Bosch Ethernet switch PRA-ES8P2S 安全漏洞 — PRA-ES8P2S 4.8 Medium2022-06-22
CVE-2022-1808 Chris Brame Trudesk 安全漏洞 — polonel/trudesk 8.8 -2022-05-31
CVE-2022-30695 Acronis Snap Deploy 安全漏洞 — Acronis Snap Deploy 7.8 -2022-05-16
CVE-2021-34591 Bender ebee 充电控制器 安全漏洞 — CC612 7.8 High2022-04-27
CVE-2022-0071 Hotdog 安全漏洞 — Hotdog 8.8 High2022-04-19
CVE-2022-0070 Amazon Linux 安全漏洞 — log4j-cve-2021-44228-hotpatch 8.8 High2022-04-19
CVE-2021-3101 Hotdog 安全漏洞 — Hotdog 8.8 High2022-04-19
CVE-2021-3100 Apache Log4j 安全漏洞 — log4j-cve-2021-44228-hotpatch 8.8 High2022-04-19
CVE-2022-20676 Cisco IOS XE Software输入验证错误漏洞 — Cisco IOS XE Software 5.1 Medium2022-04-15
CVE-2022-27578 SICK OEE 安全漏洞 — SICK Overall Equipment Effectiveness 7.8 -2022-04-11
CVE-2022-24113 Acronis 多款产品安全漏洞 — Acronis Cyber Protect 15 7.8 -2022-02-04
CVE-2021-36339 Dell EMC Unisphere for PowerMax 安全漏洞 — Solutions Enabler vApp 7.8 High2022-01-21
CVE-2022-21699 Interactive Python 安全漏洞 — ipython 8.2 High2022-01-19
CVE-2021-34998 Panda Security Free Antivirus 权限许可和访问控制问题漏洞 — Free Antivirus 7.8 -2022-01-13
CVE-2021-1118 NVIDIA vGPU Software 安全漏洞 — NVIDIA Virtual GPU Software 7.8 High2021-10-29
CVE-2021-3576 Total Security 安全漏洞 — Endpoint Security Tools 7.8 High2021-10-28
CVE-2021-41035 Eclipse Openj9 安全漏洞 — Eclipse OMR 9.1 -2021-10-25

CWE-250(带着不必要的权限执行) 是常见的弱点类别,本平台收录该类弱点关联的 245 条 CVE 漏洞。