Common Weakness Enumeration

CWE-923

Allowed-with-Review

Improper Restriction of Communication Channel to Intended Endpoints

Abstraction: Class · Status: Incomplete

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

112 vulnerabilities reference this CWE, most recent first.

GHSA-FM9H-JR58-3CPH

Vulnerability from github – Published: 2025-11-04 21:31 – Updated: 2025-11-04 21:31
VLAI
Details

NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-33176"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-04T20:17:14Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.",
  "id": "GHSA-fm9h-jr58-3cph",
  "modified": "2025-11-04T21:31:36Z",
  "published": "2025-11-04T21:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33176"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5719"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33176"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQR7-4WX7-GMFX

Vulnerability from github – Published: 2025-04-08 12:30 – Updated: 2025-04-08 12:30
VLAI
Details

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T11:15:44Z",
    "severity": "HIGH"
  },
  "details": "Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.",
  "id": "GHSA-fqr7-4wx7-gmfx",
  "modified": "2025-04-08T12:30:35Z",
  "published": "2025-04-08T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29986"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000303931/dsa-2025-158-security-update-for-dell-common-event-enabler-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H828-V5PV-33QX

Vulnerability from github – Published: 2023-03-03 18:30 – Updated: 2025-03-07 21:32
VLAI
Summary
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
Details

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/coredns/coredns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-2837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601",
      "CWE-923"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-06T21:43:07Z",
    "nvd_published_at": "2023-03-03T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.",
  "id": "GHSA-h828-v5pv-33qx",
  "modified": "2025-03-07T21:32:14Z",
  "published": "2023-03-03T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2837"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118543"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/coredns/coredns"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints"
}

GHSA-J65J-WHG7-534R

Vulnerability from github – Published: 2021-11-23 00:00 – Updated: 2024-02-28 00:02
VLAI
Details

This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-22T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.",
  "id": "GHSA-j65j-whg7-534r",
  "modified": "2024-02-28T00:02:12Z",
  "published": "2021-11-23T00:00:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32004"
    },
    {
      "type": "WEB",
      "url": "https://www.secomea.com/support/cybersecurity-advisory/#4578"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JCF6-FG3W-J8PH

Vulnerability from github – Published: 2022-05-13 01:45 – Updated: 2022-05-13 01:45
VLAI
Details

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-3891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863",
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-14T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.",
  "id": "GHSA-jcf6-fg3w-j8ph",
  "modified": "2022-05-13T01:45:57Z",
  "published": "2022-05-13T01:45:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3891"
    },
    {
      "type": "WEB",
      "url": "https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet"
    },
    {
      "type": "WEB",
      "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JFPG-VJR8-FP9V

Vulnerability from github – Published: 2026-03-25 21:30 – Updated: 2026-03-25 21:30
VLAI
Details

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36438"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T21:16:25Z",
    "severity": "MODERATE"
  },
  "details": "IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.",
  "id": "GHSA-jfpg-vjr8-fp9v",
  "modified": "2026-03-25T21:30:36Z",
  "published": "2026-03-25T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36438"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7267105"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQ2W-P8GP-86FV

Vulnerability from github – Published: 2022-09-02 00:01 – Updated: 2022-09-08 00:00
VLAI
Details

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-01T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",
  "id": "GHSA-jq2w-p8gp-86fv",
  "modified": "2022-09-08T00:00:29Z",
  "published": "2022-09-02T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2663"
    },
    {
      "type": "WEB",
      "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl@dgl.cx/T"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5257"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JVWV-XXR5-8965

Vulnerability from github – Published: 2026-07-10 00:31 – Updated: 2026-07-10 00:31
VLAI
Details

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion.

Due to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.

This issue affects all Junos OS Evolved versions before 23.2R2-EVO.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57028"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-09T22:17:08Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion.\n\n\nDue to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.\n\nThis issue affects all Junos OS Evolved versions before 23.2R2-EVO.",
  "id": "GHSA-jvwv-xxr5-8965",
  "modified": "2026-07-10T00:31:26Z",
  "published": "2026-07-10T00:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57028"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA110088"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M5W6-R57X-W289

Vulnerability from github – Published: 2026-05-26 18:31 – Updated: 2026-05-26 18:31
VLAI
Details

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-26T17:16:28Z",
    "severity": "MODERATE"
  },
  "details": "IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.",
  "id": "GHSA-m5w6-r57x-w289",
  "modified": "2026-05-26T18:31:45Z",
  "published": "2026-05-26T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36145"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7272498"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9G2-WM3W-Q6RV

Vulnerability from github – Published: 2025-04-08 15:31 – Updated: 2025-04-08 15:31
VLAI
Details

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-923"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T14:15:30Z",
    "severity": "HIGH"
  },
  "details": "A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device",
  "id": "GHSA-m9g2-wm3w-q6rv",
  "modified": "2025-04-08T15:31:04Z",
  "published": "2025-04-08T15:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26013"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-161: Infrastructure Manipulation

An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user's login information in order to hijack the actual bank account.

CAPEC-481: Contradictory Destinations in Traffic Routing Schemes

Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.

CAPEC-501: Android Activity Hijack

An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.

CAPEC-697: DHCP Spoofing

An adversary masquerades as a legitimate Dynamic Host Configuration Protocol (DHCP) server by spoofing DHCP traffic, with the goal of redirecting network traffic or denying service to DHCP.