CWE-653

Improper Isolation or Compartmentalization

Class

Draft

Description

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.

Parent Weaknesses (ChildOf)

CWE-657: Violation of Secure Design Pri...

CWE-693: Protection Mechanism Failure...

Common Consequences

Scope

Access Control

Impact

Gain Privileges or Assume Identity, Bypass Protection Mechanism

Potential Mitigations

Architecture and Design

Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.

CVE-2021-33096

Improper isolation of shared resource in a network-on-chip leads to denial of service

CVE-2019-6260

Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now