CWE-300: Channel Accessible by Non-Endpoint
low-riskThe product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
Common Consequences
Detection Methods
Some tools can act as proxy servers that allow the tester to intercept packets or messages, inspect them, and modify them before sending them to the destination in order to see if the modified packets are still accepted by the receiving component.
Dynamic Application Security Testing (DAST) tools can be used to detect network traffic without encryption and/or verification. The affected protocol may be subject to Adversary-in-the-Middle attacks. Some tools act as proxy servers that allow the tester to inspect and modify packets/messages to see if they are still accepted by the receiving component.
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) The analysis could identify use of protocols that are subject to Adversary-in-the-Middle attacks.
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2017-12150 | 7.4 | 19.9% | — |
| CVE-2020-10749 | 6.0 | 5.2% | — |
| CVE-2017-12151 | 7.4 | 4.1% | — |
| CVE-2017-7480 | 9.8 | 2.1% | — |
| CVE-2023-2310 | 6.8 | 0.8% | — |
| CVE-2021-22909 | 7.5 | 0.6% | — |
| CVE-2023-7008 | 5.9 | 0.4% | — |
| CVE-2024-32049 | 7.4 | 0.4% | — |
| CVE-2021-41033 | 8.1 | 0.4% | — |
| CVE-2024-45407 | 6.5 | 0.4% | — |