Description
The product does not prevent the definition of control spheres from external actors.
Typically, a product defines its control sphere within the code itself, or through configuration by the product's administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.
Potential Impact
Other
Other
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2008-2613 | setuid program allows compromise using path that finds and loads a malicious library. |
Related Weaknesses
Frequently Asked Questions
What is CWE-673?
CWE-673 (External Influence of Sphere Definition) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Class-level weakness. The product does not prevent the definition of control spheres from external actors.
How can CWE-673 be exploited?
Attackers can exploit CWE-673 (External Influence of Sphere Definition) to other. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.
How do I prevent CWE-673?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-673?
CWE-673 is classified as a Class-level weakness (High abstraction). It has been observed in 1 real-world CVEs.