CWE · MITRE source
CWE-300Channel Accessible by Non-Endpoint
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (11)AI
Showing the 6 most specific. Generic controls that address many weakness types are collapsed below.
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SC-11 | Trusted Path | SC | Explicitly isolates the communications path so it cannot be accessed or intercepted by non-endpoint entities during security functions. |
SC-19 | Voice Over Internet Protocol | SC | Restrictions and channel controls reduce the chance that VoIP media or signaling streams remain accessible to non-participants. |
SC-23 | Session Authenticity | SC | Directly prevents non-endpoint access or interception of the session communication path. |
IA-3 | Device Identification and Authentication | IA | Ensures only authenticated endpoints can access the communication channel, blocking unauthorized non-endpoint access. |
PE-4 | Access Control for Transmission | PE | Physically restricts transmission channels so they cannot be accessed or tapped by non-endpoint actors within facilities. |
RA-6 | Technical Surveillance Countermeasures Survey | RA | Periodic TSCM surveys identify unauthorized access points or taps that make communication channels reachable by non-endpoint adversaries. |
Show 5 more broadly-applicable controls
SC-37 | Out-of-band Channels | SC | An out-of-band channel is inaccessible to non-endpoints that can observe or interfere with the primary communication channel. |
SC-40 | Wireless Link Protection | SC | The control restricts an inherently broadcast wireless channel to only intended endpoints, mitigating accessibility by non-endpoints. |
SC-41 | Port and I/O Device Access | SC | Eliminates channels that could be accessed by non-endpoint actors through disabled ports and devices. |
SC-8 | Transmission Confidentiality and Integrity | SC | Confidentiality and integrity protections on the transmission channel directly reduce the ability of non-endpoint actors to access or tamper with the data. |
SC-9 | Transmission Confidentiality | SC | Renders the transmission channel inaccessible to non-endpoint eavesdroppers through encryption, eliminating the weakness class. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2017-12150 | 2.7 | 7.4 | 0.1990 | 2018-07-26 |
CVE-2017-7480 | 2.1 | 9.8 | 0.0214 | 2017-07-21 |
CVE-2019-3793 | 2.0 | 9.8 | 0.0025 | 2019-04-24 |
CVE-2017-12151 | 1.7 | 7.4 | 0.0415 | 2018-07-27 |
CVE-2023-31004 | 1.7 | 8.3 | 0.0013 | 2024-02-03 |
CVE-2019-5456 | 1.6 | 8.1 | 0.0036 | 2019-07-30 |
CVE-2021-41033 | 1.6 | 8.1 | 0.0043 | 2021-09-13 |
CVE-2021-21953 | 1.6 | 8.1 | 0.0031 | 2021-12-22 |
CVE-2023-32634 | 1.6 | 7.8 | 0.0003 | 2023-10-12 |
CVE-2024-31206 | 1.6 | 8.2 | 0.0004 | 2024-04-04 |
CVE-2024-36553 | 1.6 | 8.1 | 0.0009 | 2025-02-06 |
CVE-2025-20122 | 1.6 | 7.8 | 0.0006 | 2025-05-07 |
CVE-2025-31214 | 1.6 | 8.1 | 0.0027 | 2025-05-12 |
CVE-2017-6870 | 1.5 | 7.4 | 0.0024 | 2017-08-08 |
CVE-2017-9941 | 1.5 | 7.4 | 0.0019 | 2017-08-08 |
CVE-2017-12735 | 1.5 | 7.4 | 0.0024 | 2017-08-30 |
CVE-2017-15086 | 1.5 | 7.4 | 0.0026 | 2017-11-08 |
CVE-2019-14899 | 1.5 | 7.4 | 0.0005 | 2019-12-11 |
CVE-2020-10749 | 1.5 | 6.0 | 0.0519 | 2020-06-03 |
CVE-2021-22909 | 1.5 | 7.5 | 0.0056 | 2021-05-27 |
CVE-2021-32926 | 1.5 | 7.5 | 0.0013 | 2021-06-03 |
CVE-2024-32049 | 1.5 | 7.4 | 0.0043 | 2024-05-08 |
CVE-2025-40770 | 1.5 | 7.4 | 0.0002 | 2025-08-12 |
CVE-2025-63363 | 1.5 | 7.5 | 0.0007 | 2025-12-04 |
CVE-2019-0054 | 1.4 | 6.8 | 0.0008 | 2019-10-09 |