Meta attack pattern
Draft
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
Last updated
Not rated
Typical severity
Per MITRE
Not rated
Likelihood of attack
Per MITRE
3
Related weaknesses
CWEs this targets
Meta
Abstraction
MITRE classification
Overview
CAPEC-233 (Privilege Escalation) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
Terminology & mappings
Mapped taxonomies
- ATTACK: Abuse Elevation Control Mechanism (1548)
Frequently asked questions
Common questions about CAPEC-233.
- What is CAPEC-233?
- An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
- What weaknesses does CAPEC-233 target?
- CAPEC-233 exploits 3 CWE weaknesses, including CWE-269 (Improper Privilege Management), CWE-1264 (Hardware Logic with Insecure De-Synchronization between Control and Data Channels), CWE-1311 (Improper Translation of Security Attributes by Fabric Bridge).
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-233
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.