CWE-424
Allowed-with-ReviewImproper Protection of Alternate Path
Abstraction: Class · Status: Draft
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
61 vulnerabilities reference this CWE, most recent first.
GHSA-H7M2-WMQ5-3GW5
Vulnerability from github – Published: 2025-10-16 12:30 – Updated: 2025-10-16 12:30Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.
{
"affected": [],
"aliases": [
"CVE-2025-58079"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-16T10:15:43Z",
"severity": "MODERATE"
},
"details": "Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet\u0027s NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.",
"id": "GHSA-h7m2-wmq5-3gw5",
"modified": "2025-10-16T12:30:23Z",
"published": "2025-10-16T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58079"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN90757550"
},
{
"type": "WEB",
"url": "https://www.desknets.com/neo/support/mainte/17475"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J8X5-54P6-CQVM
Vulnerability from github – Published: 2025-02-12 21:31 – Updated: 2025-04-09 18:30A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.
{
"affected": [],
"aliases": [
"CVE-2025-0113"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T21:15:16Z",
"severity": "MODERATE"
},
"details": "A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.",
"id": "GHSA-j8x5-54p6-cqvm",
"modified": "2025-04-09T18:30:47Z",
"published": "2025-02-12T21:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0113"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2024-0113"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2025-0113"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-JJV8-4R6F-2MJ4
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-18 00:01Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.
{
"affected": [],
"aliases": [
"CVE-2022-24932"
],
"database_specific": {
"cwe_ids": [
"CWE-424",
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:46:00Z",
"severity": "MODERATE"
},
"details": "Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.",
"id": "GHSA-jjv8-4r6f-2mj4",
"modified": "2022-03-18T00:01:21Z",
"published": "2022-03-11T00:02:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24932"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MMPQ-QPJ6-6R97
Vulnerability from github – Published: 2025-06-03 00:31 – Updated: 2025-06-03 00:31Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.
{
"affected": [],
"aliases": [
"CVE-2025-49162"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T00:15:20Z",
"severity": "MODERATE"
},
"details": "Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.",
"id": "GHSA-mmpq-qpj6-6r97",
"modified": "2025-06-03T00:31:02Z",
"published": "2025-06-03T00:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49162"
},
{
"type": "WEB",
"url": "https://full-disclosure.eu/reports/2025/FDEU-CVE-2025-1c00-arris-bootloader-shell-injection.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P8RH-53X8-6WW5
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2025-02-12 18:31In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window.
{
"affected": [],
"aliases": [
"CVE-2024-3460"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:41:12Z",
"severity": "HIGH"
},
"details": "In KioWare for Windows (versions all through 8.34)\u00a0it is possible to exit this software\u00a0and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs.\u00a0\nIn order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know\u00a0the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window.",
"id": "GHSA-p8rh-53x8-6ww5",
"modified": "2025-02-12T18:31:28Z",
"published": "2024-05-14T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3460"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2024/04/CVE-2024-3459"
},
{
"type": "WEB",
"url": "https://www.kioware.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R39R-M7WQ-966M
Vulnerability from github – Published: 2026-04-14 15:30 – Updated: 2026-04-14 15:30Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.
{
"affected": [],
"aliases": [
"CVE-2026-4913"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T15:16:39Z",
"severity": "MODERATE"
},
"details": "Improper protection of an alternate path\u00a0in\u00a0Ivanti\u00a0N-ITSM\u00a0before\u00a0version 2025.4\u00a0allows a\u00a0remote authenticated\u00a0attacker to\u00a0retain access when their account has been\u00a0disabled.",
"id": "GHSA-r39r-m7wq-966m",
"modified": "2026-04-14T15:30:35Z",
"published": "2026-04-14T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4913"
},
{
"type": "WEB",
"url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R3PQ-877R-MPFH
Vulnerability from github – Published: 2023-11-21 21:30 – Updated: 2023-11-21 21:30A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.
{
"affected": [],
"aliases": [
"CVE-2023-20272"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-21T19:15:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.",
"id": "GHSA-r3pq-877r-mpfh",
"modified": "2023-11-21T21:30:23Z",
"published": "2023-11-21T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20272"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RC4H-XGCC-X9W4
Vulnerability from github – Published: 2023-09-25 18:30 – Updated: 2024-04-04 07:50Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.
This issue has been fixed in Docker Desktop 4.23.0.
Affected Docker Desktop versions: from 4.13.0 before 4.23.0.
{
"affected": [],
"aliases": [
"CVE-2023-5165"
],
"database_specific": {
"cwe_ids": [
"CWE-424",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-25T16:15:15Z",
"severity": "HIGH"
},
"details": "Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \n\nThis issue has been fixed in Docker Desktop 4.23.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.23.0.\n",
"id": "GHSA-rc4h-xgcc-x9w4",
"modified": "2024-04-04T07:50:47Z",
"published": "2023-09-25T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5165"
},
{
"type": "WEB",
"url": "https://docs.docker.com/desktop/release-notes/#4230"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VXHP-FM7F-3JRP
Vulnerability from github – Published: 2025-07-28 18:31 – Updated: 2025-08-04 15:31Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.
{
"affected": [],
"aliases": [
"CVE-2025-6250"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-28T16:15:24Z",
"severity": "HIGH"
},
"details": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.",
"id": "GHSA-vxhp-fm7f-3jrp",
"modified": "2025-08-04T15:31:08Z",
"published": "2025-07-28T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6250"
},
{
"type": "WEB",
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VXVX-HWWH-PP7C
Vulnerability from github – Published: 2026-07-10 06:31 – Updated: 2026-07-10 09:31In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
{
"affected": [],
"aliases": [
"CVE-2026-54423"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-10T04:17:52Z",
"severity": "HIGH"
},
"details": "In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic\u0027s access control.",
"id": "GHSA-vxvx-hwwh-pp7c",
"modified": "2026-07-10T09:31:36Z",
"published": "2026-07-10T06:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54423"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ironic/+bug/2150458"
},
{
"type": "WEB",
"url": "https://security.openstack.org/ossa/OSSA-2026-025.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/08/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Deploy different layers of protection to implement security in depth.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-554: Functionality Bypass
An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary.