CWE-673

External Influence of Sphere Definition

Class

What it is

The product does not prevent the definition of control spheres from external actors.

Typically, a product defines its control sphere within the code itself, or through configuration by the product's administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.

Impact

Other

Real-world CVE examples

CVE-2008-2613 — setuid program allows compromise using path that finds and loads a malicious library.

Related weaknesses

CWE-664 (childof)

Test & detect

Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.

Source: MITRE CWE. View on cwe.mitre.org →