CWE-453
Insecure Default Variable Initialization
Description
The product, by default, initializes an internal variable with an insecure or less secure value than is possible.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Modify Application Data
Potential Mitigations
Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product, they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.
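The following added example (not part of the CWE entry) contrasts a shipped default set that leaves internal variables at less secure values with a hardened set, and audits the effective configuration so that a deployment still relying on a shipped default is flagged before start-up. The setting names and values and the functions effective_config, audit and can_start are hypothetical.

```python
# Constructed example: an imaginary service whose settings start from defaults.
# All setting names and values are hypothetical.

# Less secure defaults: the admin account is on, its password is known to
# anyone familiar with the product, and certificate checking is off.
SHIPPED_DEFAULTS = {"admin_enabled": True, "admin_password": "admin", "verify_tls": False}

# Hardened defaults: nothing is usable until the operator opts in.
HARDENED_DEFAULTS = {"admin_enabled": False, "admin_password": None, "verify_tls": True}


def effective_config(defaults, overrides):
    """Start every variable at its default; only known keys can be overridden."""
    cfg = dict(defaults)
    cfg.update({k: v for k, v in overrides.items() if k in defaults})
    return cfg


def audit(cfg, shipped=SHIPPED_DEFAULTS):
    """Return findings for settings left at an insecure value."""
    findings = []
    if cfg["admin_enabled"]:
        if cfg["admin_password"] is None:
            findings.append("admin account enabled without a password")
        elif cfg["admin_password"] == shipped["admin_password"]:
            findings.append("admin account still uses the shipped password")
    if not cfg["verify_tls"]:
        findings.append("TLS verification is off")
    return findings


def can_start(cfg):
    """Fail closed: refuse to start while any finding remains."""
    return not audit(cfg)


if __name__ == "__main__":
    for name, defaults in (("shipped", SHIPPED_DEFAULTS), ("hardened", HARDENED_DEFAULTS)):
        cfg = effective_config(defaults, {})  # operator changed nothing
        print(name, "->", audit(cfg) or "no findings")
```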
CVE-2022-36349: insecure default variable initialization in BIOS firmware for a hardware board allows DoS
Applicable Platforms