CWE-420
Unprotected Alternate Channel
Description
The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Gain Privileges or Assume Identity, Bypass Protection Mechanism
Potential Mitigations
Identify all alternate channels and use the same protection mechanisms that are used for the primary channels.
CVE-2020-8004When the internal flash is protected by blocking access on the Data Bus (DBUS), it can still be indirectly accessed through the Instruction Bus (IBUS).
CVE-2002-0567DB server assumes that local clients have performed authentication, allowing attacker to directly connect to a process to load libraries and execute commands; a socket interface also exists (another alternate channel), so attack can be remote.
CVE-2002-1578Product does not restrict access to underlying database, so attacker can bypass restrictions by directly querying the database.
CVE-2003-1035User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.
CVE-2002-1863FTP service can not be disabled even when other access controls would require it.
CVE-2002-0066Windows named pipe created without authentication/access control, allowing configuration modification.
CVE-2004-1461Router management interface spawns a separate TCP connection after authentication, allowing hijacking by attacker coming from the same IP address.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now