Vol. 1 · Ed. 2026
CyberGlossary
Entry № 967

Privilege Escalation

Reviewed by Cybersecurity entrepreneur & security researcher

What is Privilege Escalation?

Privilege Escalation: A class of vulnerabilities that lets an attacker gain rights beyond those originally granted, such as moving from a normal user to administrator.


Privilege escalation occurs when a flaw in software, configuration, or process allows a user or process to acquire higher permissions than intended. It is split into vertical escalation (a low-privileged user becomes admin/root/SYSTEM) and horizontal escalation (a user accesses another user's data at the same privilege level). Common causes include kernel and driver bugs, insecure setuid binaries, sudo misconfigurations, token theft on Windows, and weak access checks in web apps. Privilege escalation is a key step in most intrusions, often chained with initial-access vulnerabilities. Defences include least privilege, timely patching, kernel hardening (e.g., kASLR, SMEP/SMAP), endpoint detection, and rigorous authorization checks in applications.

Examples

  1. A Linux kernel bug that lets a normal user execute code as root.
  2. An IDOR in a SaaS app that lets a tenant read another tenant's records.
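
The weak access check behind the IDOR example above, shown next to a version that enforces both the horizontal (tenant) and the vertical (role) check. This is an added illustration, not part of the original glossary entry; the User type, the RECORDS data and all function names are hypothetical.

```python
"""Added illustration: horizontal and vertical authorization checks."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    tenant: str
    role: str  # "user" or "admin", taken from the server-side session


# Constructed sample data: record id -> (owning tenant, contents)
RECORDS = {
    101: ("acme", "acme invoice"),
    102: ("globex", "globex invoice"),
}


class Forbidden(Exception):
    """Raised when the caller lacks rights for the requested action."""


def read_record_unchecked(user: User, record_id: int) -> str:
    # Weak access check: any authenticated caller can read any id (IDOR).
    return RECORDS[record_id][1]


def read_record(user: User, record_id: int) -> str:
    # Horizontal check: the record must belong to the caller's tenant.
    entry = RECORDS.get(record_id)
    if entry is None or entry[0] != user.tenant:
        # Same error for "missing" and "not yours" so ids cannot be probed.
        raise Forbidden("record not available")
    return entry[1]


def delete_record(user: User, record_id: int) -> None:
    # Vertical check: only the admin role may delete, and the role is
    # never read from a request parameter the client controls.
    if user.role != "admin":
        raise Forbidden("admin role required")
    read_record(user, record_id)  # tenant check still applies to admins
    del RECORDS[record_id]
```
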

Frequently asked questions

What is Privilege Escalation?

A class of vulnerabilities that lets an attacker gain rights beyond those originally granted, such as moving from a normal user to administrator. It belongs to the Vulnerabilities category of cybersecurity.

What does Privilege Escalation mean?

A class of vulnerabilities that lets an attacker gain rights beyond those originally granted, such as moving from a normal user to administrator.

How do you defend against Privilege Escalation?

Defences for Privilege Escalation typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Privilege Escalation?

Common alternative names include: Privilege elevation, EoP.
