CVEbaza.plCWE DictionaryCWE-520
Common Weakness Enumeration

CWE-520

.NET Misconfiguration: Use of Impersonation

Category: VariantCVE: 3
Description

Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks.

Extended Description

.NET server applications can optionally execute using the identity of the user authenticated to the client. The intention of this functionality is to bypass authentication and access control checks within the .NET application code. Authentication is done by the underlying web server (Microsoft Internet Information Service IIS), which passes the authenticated token, or unauthenticated anonymous token, to the .NET application. Using the token to impersonate the client, the application then relies on the settings within the NTFS directories and files to control access. Impersonation enables the application, on the server running the .NET application, to both execute code and access resources in the context of the authenticated and authorized user.

CVE vulnerabilities with CWE-520 (3)
8.6
CVSS
HIGH
CVE-2019-25608

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.

pub. 2026-03-22
7.5
CVSS
HIGH
CVE-2024-46943

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.

pub. 2024-09-15
7.4
CVSS
HIGH
CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.

pub. 2026-04-14
Information
ID: CWE-520
Type: Variant
Vulnerabilities: 3
MITRE CWE ↗
← CWE Dictionary
CWE-520 — .NET Misconfiguration: Use of Impersonation | CWE Dictionary | CVEbaza.pl