Description
The software does not handle, or incorrectly handles, the case where it has insufficient privileges to perform an operation, leading to resultant weaknesses.
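One way such a privilege failure can alter execution logic, shown as an added example that is not part of the original entry: a check that defaults to "allow" when it cannot read its policy, beside a version that detects the failure and fails closed. The function names, the one-byte policy format and the injected opener are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical policy file: first byte 'A' allows, anything else denies. */
enum decision { ALLOW, DENY, DENY_NO_PRIVILEGE };

/* The opener is injected so the EACCES path can be exercised even as root. */
typedef int (*open_fn)(const char *path, int flags);
static int real_open(const char *path, int flags) { return open(path, flags); }

/* Constructed stub: simulates a policy file this process may not read. */
static int denied_open(const char *path, int flags) {
    (void)path; (void)flags; errno = EACCES;
    return -1;
}

/* Weak: an unreadable policy is silently ignored and the default is ALLOW. */
enum decision check_weak(const char *path, open_fn opener) {
    char c = 'A';
    int fd = opener(path, O_RDONLY);
    if (fd >= 0) {
        if (read(fd, &c, 1) != 1) c = 'A';
        close(fd);
    }
    return c == 'A' ? ALLOW : DENY;
}

/* Hardened: the privilege failure is detected, reported, and fails closed. */
enum decision check_hardened(const char *path, open_fn opener) {
    int fd = opener(path, O_RDONLY);
    if (fd < 0) {
        int err = errno;
        if (err == EACCES || err == EPERM) {
            fprintf(stderr, "%s: insufficient privileges to read policy\n", path);
            return DENY_NO_PRIVILEGE;
        }
        return DENY; /* other failures (e.g. ENOENT) also fail closed */
    }
    char c = 0;
    ssize_t n = read(fd, &c, 1);
    close(fd);
    return (n == 1 && c == 'A') ? ALLOW : DENY;
}

int main(void) {
    printf("weak=%d hardened=%d\n", check_weak("policy.conf", denied_open),
           check_hardened("policy.conf", real_open));
    return 0;
}
```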
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-703
CWE-269
CWE-271
CWE-280
Consequences
Other: Other, Alter Execution Logic
Potential Mitigations
CVE References
- CVE-2001-1564: System limits are not properly enforced after privileges are dropped.
- CVE-2005-3286: Firewall crashes when it can’t read a critical memory block that was protected by a malicious process.
- CVE-2005-1641: Does not give admin sufficient privileges to overcome otherwise legitimate user actions.