{"@ID": "653", "@Name": "Improper Isolation or Compartmentalization", "@Abstraction": "Class", "@Structure": "Simple", "@Status": "Draft", "Description": "The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.", "Extended_Description": "When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.", "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "657", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "693", "@View_ID": "1000"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Primary"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}}, "Alternate_Terms": {"Alternate_Term": {"Term": "Separation of Privilege", "Description": "Some people and publications use the term \"Separation of Privilege\" to describe this weakness, but this term has dual meanings in current usage. This node conflicts with the original definition of \"Separation of Privilege\" by Saltzer and Schroeder; that original definition is more closely associated with CWE-654. Because there are multiple interpretations, use of the \"Separation of Privilege\" term is discouraged."}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design", "Note": "COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}, {"Phase": "Implementation"}]}, "Common_Consequences": {"Consequence": {"Scope": "Access Control", "Impact": ["Gain Privileges or Assume Identity", "Bypass Protection Mechanism"], "Note": "The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles."}}, "Detection_Methods": {"Detection_Method": [{"Method": "Automated Static Analysis - Binary or Bytecode", "Description": {"xhtml:p": "According to SOAR, the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Cost effective for partial coverage:", "xhtml:ul": {"xhtml:li": "Compare binary / bytecode to application permission manifest"}}}, "Effectiveness": "SOAR Partial"}, {"Method": "Manual Static Analysis - Source Code", "Description": {"xhtml:p": "According to SOAR, the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": ["Highly cost effective:", "Cost effective for partial coverage:"], "xhtml:ul": [{"xhtml:li": "Manual Source Code Review (not inspections)"}, {"xhtml:li": "Focused Manual Spotcheck - Focused manual analysis of source"}]}}, "Effectiveness": "High"}, {"Method": "Architecture or Design Review", "Description": {"xhtml:p": "According to SOAR, the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": ["Highly cost effective:", "Cost effective for partial coverage:"], "xhtml:ul": [{"xhtml:li": ["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)", "Formal Methods / Correct-By-Construction"]}, {"xhtml:li": "Attack Modeling"}]}}, "Effectiveness": "High"}]}, "Potential_Mitigations": {"Mitigation": {"Phase": "Architecture and Design", "Description": "Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them."}}, "Demonstrative_Examples": {"Demonstrative_Example": [{"@Demonstrative_Example_ID": "DX-167", "Intro_Text": "Single sign-on technology is intended to make it easier for users to access multiple resources or domains without having to authenticate each time. While this is highly convenient for the user and attempts to address problems with psychological acceptability, it also means that a compromise of a user's credentials can provide immediate access to all other resources or domains."}, {"Intro_Text": "The traditional UNIX privilege model provides root with arbitrary access to all resources, but root is frequently the only user that has privileges. As a result, administrative tasks require root privileges, even if those tasks are limited to a small area, such as updating user manpages. Some UNIX flavors have a \"bin\" user that is the owner of system executables, but since root relies on executables owned by bin, a compromise of the bin account can be leveraged for root privileges by modifying a bin-owned executable, such as CVE-2007-4238."}]}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2021-33096", "Description": "Improper isolation of shared resource in a network-on-chip leads to denial of service", "Link": "https://www.cve.org/CVERecord?id=CVE-2021-33096"}, {"Reference": "CVE-2019-6260", "Description": "Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].", "Link": "https://www.cve.org/CVERecord?id=CVE-2019-6260"}]}, "References": {"Reference": [{"@External_Reference_ID": "REF-196"}, {"@External_Reference_ID": "REF-535"}, {"@External_Reference_ID": "REF-1138"}, {"@External_Reference_ID": "REF-1479"}]}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Notes": {"Note": [{"@Type": "Relationship", "#text": "There is a close association with CWE-250 (Execution with Unnecessary Privileges). CWE-653 is about providing separate components for each \"privilege\"; CWE-250 is about ensuring that each component has the least amount of privileges possible. In this fashion, compartmentalization becomes one mechanism for reducing privileges."}, {"@Type": "Terminology", "#text": "The term \"Separation of Privilege\" is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (this node) and using only one factor in a security decision (CWE-654). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that CWE-653 and CWE-654 will provoke further discussion."}]}, "Content_History": {"Submission": {"Submission_Name": "Pascal Meunier", "Submission_Organization": "Purdue University", "Submission_Date": "2008-01-18", "Submission_Version": "Draft 8", "Submission_ReleaseDate": "2008-01-30"}, "Modification": [{"Modification_Name": "Eric Dalci", "Modification_Organization": "Cigital", "Modification_Date": "2008-07-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-09-08", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Alternate_Terms, Common_Consequences, Description, Relationships, Other_Notes, Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-01-12", "Modification_Version": "1.2", "Modification_ReleaseDate": "2009-01-12", "Modification_Comment": "updated Name"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2010-12-13", "Modification_Version": "1.11", "Modification_ReleaseDate": "2010-12-13", "Modification_Comment": "updated Other_Notes, Relationship_Notes, Terminology_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-10-30", "Modification_Version": "2.3", "Modification_ReleaseDate": "2012-10-30", "Modification_Comment": "updated Potential_Mitigations"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-07-30", "Modification_Version": "2.8", "Modification_ReleaseDate": "2014-07-31", "Modification_Comment": "updated Detection_Factors"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Demonstrative_Examples, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-12-10", "Modification_Version": "4.3", "Modification_ReleaseDate": "2020-12-10", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-10-28", "Modification_Version": "4.6", "Modification_ReleaseDate": "2021-10-28", "Modification_Comment": "updated Description, Name, Observed_Examples, References, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-10-13", "Modification_Version": "4.9", "Modification_ReleaseDate": "2022-10-13", "Modification_Comment": "updated References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated References, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-10-26", "Modification_Version": "4.13", "Modification_ReleaseDate": "2023-10-26", "Modification_Comment": "updated Demonstrative_Examples, Observed_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2024-02-29", "Modification_Version": "4.14", "Modification_ReleaseDate": "2024-02-29", "Modification_Comment": "updated Type"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-09-09", "Modification_Version": "4.18", "Modification_ReleaseDate": "2025-09-09", "Modification_Comment": "updated References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Relationships"}], "Previous_Entry_Name": [{"@Date": "2009-01-12", "#text": "Design Principle Violation: Insufficient Compartmentalization"}, {"@Date": "2021-10-28", "#text": "Insufficient Compartmentalization"}]}}
