logo

CWE-426 - Untrusted Search Path

CWE-426 High

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Stable
Weakness Name

Untrusted Search Path

Description

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

This might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the product uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted product would then execute. The problem extends to any type of critical resource that the product trusts. Some of the most common variants of untrusted search path are:

Common Consequences

Scope: Integrity, Confidentiality, Availability, Access Control

Impact: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands

Notes: There is the potential for arbitrary code execution with privileges of the vulnerable program.

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Notes: The program could be redirected to the wrong files, potentially triggering a crash or hang when the targeted file is too large or does not have the expected format.

Scope: Confidentiality

Impact: Read Files or Directories

Notes: The program could send the output of unauthorized files to the attacker.

Related Weaknesses

CWE-427Uncontrolled Search Path Element

CWE-673External Influence of Sphere Definition

CWE-428Unquoted Search Path or Element

CWE-642External Control of Critical State DataHigh

CWE-668Exposure of Resource to Wrong Sphere

  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2024-07-16

Free security scan for your website