CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

Description

This vulnerability types describes a case where software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

An attacker can perform a spoofing attack and gain unauthorized access to the software that is prone to this vulnerability.

Latest vulnerabilities for CWE-923

Multiple vulnerabilities in Element Android 2024-04-19
High Yes

Multiple vulnerabilities in IBM Storage Protect Plus vSnap 2024-01-23
Medium Yes

Improper restriction of communication channel to intended endpoints in Juniper Junos OS Evolved 2023-10-23
Low Yes

Undocumented tunnel support in Cisco Umbrella Virtual Appliance 2023-08-17
Medium Yes

Multiple vulnerabilities in Dell Networking MX Series Switches 2023-08-16
High Yes

Improper access restriction in SAP Web Dispatcher IP filter 2023-04-17
Medium Yes

Security restrictions bypass in Juniper Networks Paragon Active Assurance 2023-04-12
Medium Yes

Remote code execution in PAN-OS on PA-7000 Series 2019-12-20
High Yes

Multiple vulnerabilities in CODESYS Control Products 2018-12-19
Low Yes

References

Description of CWE-923 on Mitre website