LiveActive security incident?Get immediate response
CWE Reference

CWE-1249: Application-Level Admin Tool with Inconsistent… | Glexia

CWE-1249 (Application-Level Admin Tool with Inconsistent View of Underlying Operating System) weakness overview with consequences, detection methods, mitigations,…

Release 4.20weaknessIncomplete

Glexia's Take · Automated analysis

CWE-1249: Ghost in the Shell

Application-Level Admin Tool with Inconsistent View of Underlying Operating System represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

Executive Impact

  • Access Control: Varies by Context
  • Accountability: Hide Activities
  • Other: Unexpected State

Developer Pattern

CWE-1249 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.

Automation confidence

high confidence from CWE-1249, 4.20.

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Official CWE Definition

CWE-1249: Application-Level Admin Tool with Inconsistent View of Underlying Operating System

The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state.

Type
weakness
Abstraction
Base
Status
Incomplete
Source
MITRE CWE definition

Developer And Remediation Guidance

How teams prevent and detect this weakness

Causes

  • Suppose that an attacker successfully gains root privileges on a Linux system and adds a new 'user2' account: This new user2 account would not be noticed on the web interface, if the interface does not refresh its data of available users.,It could be argued that for this specific example, an attacker with root privileges would be likely to compromise the admin tool or otherwise feed it with false data. However, this example shows how the discrepancy in critical data can help attackers to escape detection.

Remediation

  • Architecture and Design:

Detection

  • Code review
  • SAST
  • DAST
  • Focused regression tests

Mappings

Related CVEs, CWEs, and ATT&CK context

Related CWEs

Related CVEs

Related CVE mappings appear after CVE records are cross-indexed.

Open CWE CVE mapping

ATT&CK Relevance

ATT&CK relevance is shown only when reviewed or responsibly inferred.