Meta | Likelihood: High | Severity: Medium | Draft

CAPEC-122: Privilege Abuse

Abstraction: Meta
Status: Draft
Likelihood: High
Severity: Medium

Description

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

Related weaknesses · 3

CWE-269, CWE-732, CWE-1317

MITRE ATT&CK crosswalk · 1

T1548: Abuse Elevation Control Mechanism

Related attack patterns · 1

CAPEC-664 (CanPrecede)

Exploits · 3

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Access Control in Fabric Bridge (cwe-1317) | 100% | live |
| Weakness | Improper Privilege Management (cwe-269) | 100% | live |
| Weakness | Incorrect Permission Assignment for Critical Resource (cwe-732) | 100% | live |

Related to · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Abuse Elevation Control Mechanism (t1548) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Privilege Escalation
CAPEC: Authentication Abuse
CAPEC: Functionality Misuse
CAPEC: Hijacking a privileged process
CAPEC: Accessing Functionality Not Properly Constrained by ACLs
CAPEC: Exploiting Incorrectly Configured Access Control Security Levels

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.