CWE-653: Improper Isolation or Compartmentalization
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
Extended Description
When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.
Common Consequences
Scope: Access Control
Technical Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism
Note: The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles.
Potential Mitigations
Phase: Architecture and Design
Description: Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.
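Added illustration of this mitigation (example code, not part of the CWE entry): a low-privileged request handler that holds a direct reference to privileged state is contrasted with one that can only reach that state through a narrow, access-checked boundary. The names Principal, SettingsStore, Boundary and the stored values are constructed for this example.

```python
"""Compartmentalization: privileged state reachable only through a narrow,
access-checked boundary. All names and values here are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset  # e.g. frozenset({"user"}) or frozenset({"admin"})


class SettingsStore:
    """Privileged compartment: holds low- and high-sensitivity settings together."""
    def __init__(self):
        self._data = {"log_level": "info", "admin_token": "CONSTRUCTED-SECRET"}

    def get(self, key):
        return self._data[key]

    def set(self, key, value):
        self._data[key] = value


def monolithic_handle(store, principal, op, key, value=None):
    """No isolation: the handler touches the store directly, so any caller,
    whatever its role, can read or change any key, admin_token included."""
    if op == "get":
        return store.get(key)
    if op == "set":
        store.set(key, value)
        return value
    raise ValueError(op)


class Boundary:
    """The only path from the low-privileged handler into the store. POLICY maps
    (key, op) to the roles allowed; anything unlisted is denied by default, which
    keeps the interface between the two compartments minimal."""
    POLICY = {("log_level", "get"): {"user", "admin"}, ("log_level", "set"): {"admin"}}

    def __init__(self, store):
        self._store = store

    def _authorize(self, principal, key, op):
        if not self.POLICY.get((key, op), set()) & principal.roles:
            raise PermissionError(f"{principal.name}: {op} {key} denied")

    def get(self, principal, key):
        self._authorize(principal, key, "get")
        return self._store.get(key)

    def set(self, principal, key, value):
        self._authorize(principal, key, "set")
        self._store.set(key, value)


def compartmentalized_handle(boundary, principal, op, key, value=None):
    """Low-privileged compartment: it only ever holds a Boundary, never the store."""
    try:
        if op == "get":
            return ("ok", boundary.get(principal, key))
        if op == "set":
            boundary.set(principal, key, value)
            return ("ok", value)
        return ("error", f"unknown op {op}")
    except PermissionError as exc:
        return ("denied", str(exc))
```

A bug in the monolithic handler exposes every key; the same bug behind the Boundary cannot reach anything the policy does not list.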
Detection Methods
Method: Automated Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Manual Static Analysis - Source Code
Effectiveness: High
Method: Architecture or Design Review
Effectiveness: High
Observed Examples
Reference: CVE-2021-33096
Improper isolation of shared resource in a network-on-chip leads to denial of service
Reference: CVE-2019-6260
Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic. |
| Implementation | - |