CWE-1249: Application-Level Admin Tool with Inconsistent… | Glexia
CWE-1249 (Application-Level Admin Tool with Inconsistent View of Underlying Operating System) weakness overview with consequences, detection methods, mitigations,…
Glexia's Take · Automated analysis
CWE-1249: Ghost in the Shell
Application-Level Admin Tool with Inconsistent View of Underlying Operating System represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Executive Impact
- Access Control: Varies by Context
- Accountability: Hide Activities
- Other: Unexpected State
Developer Pattern
CWE-1249 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.
Automation confidence
high confidence from CWE-1249, 4.20.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Official CWE Definition
CWE-1249: Application-Level Admin Tool with Inconsistent View of Underlying Operating System
The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state.
Developer And Remediation Guidance
How teams prevent and detect this weakness
Causes
- Suppose that an attacker successfully gains root privileges on a Linux system and adds a new 'user2' account: This new user2 account would not be noticed on the web interface, if the interface does not refresh its data of available users.,It could be argued that for this specific example, an attacker with root privileges would be likely to compromise the admin tool or otherwise feed it with false data. However, this example shows how the discrepancy in critical data can help attackers to escape detection.
Remediation
- Architecture and Design:
Detection
- Code review
- SAST
- DAST
- Focused regression tests
Mappings
Related CVEs, CWEs, and ATT&CK context
Related CWEs
ATT&CK Relevance
ATT&CK relevance is shown only when reviewed or responsibly inferred.
