Class · Incomplete

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

Category: other

Description

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

Common consequences · 1

  • Integrity / Confidentiality — Gain Privileges or Assume Identity
    If an attacker can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.

Related CAPEC attack patterns · 4

CAPEC-161, CAPEC-481, CAPEC-501, CAPEC-697

References

  1. https://cwe.mitre.org/data/definitions/923.html

Exploits (incoming) · 4

| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Infrastructure Manipulation (capec-161) | 100% | live |
| AttackPattern | DHCP Spoofing (capec-697) | 100% | live |
| AttackPattern | Contradictory Destinations in Traffic Routing Schemes (capec-481) | 100% | live |
| AttackPattern | Android Activity Hijack (capec-501) | 100% | live |

(incoming) · 6

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-20261 (cve-2025-20261) | 0% | live |
| Vulnerability | CVE-2025-29986 (cve-2025-29986) | 0% | live |
| Vulnerability | CVE-2025-46566 (cve-2025-46566) | 0% | live |
| Vulnerability | CVE-2025-48999 (cve-2025-48999) | 0% | live |
| Vulnerability | CVE-2026-34205 (cve-2026-34205) | 0% | live |
| KEVEntry | Cisco IOS XR Open Port Vulnerability (kev-cve-2022-20821) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Improper Verification of Source of a Communication Channel
  • CWE — Channel Accessible by Non-Endpoint
  • CWE — Improper Enforcement of Message Integrity During Transmission in a Communication Channel
  • CWE — Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE — Improper Access Control
  • CWE — Unprotected Primary Channel

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.