Base weakness

Incomplete

CWE-273: Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Medium

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.

Background

In Windows based environments that have access control, impersonation is used so that access checks can be performed on a client identity by a server with higher privileges. By impersonating the client, the server is restricted to client-level security -- although in different threads it may have much higher privileges.

CWE-273: Improper Check for Dropped Privileges

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-273?

What CVEs are caused by CWE-273?

How do you prevent CWE-273?

How is CWE-273 detected?

What are the consequences of CWE-273?

Is CWE-273 actively exploited?

References

Stay ahead of CWE-273

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Peer

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-273?

What CVEs are caused by CWE-273?

How do you prevent CWE-273?

How is CWE-273 detected?

What are the consequences of CWE-273?

Is CWE-273 actively exploited?

References

Stay ahead of CWE-273