| Aspect | Vertical Privilege Escalation | Horizontal Privilege Escalation |
|---|---|---|
| Definition | Attacker gains higher-level access than initially permitted | Attacker accesses other users' data or actions at the same privilege level |
| Also Known As | Privilege Elevation | Lateral Privilege Escalation |
| Goal | Escalate from regular user to admin/superuser | Access peer accounts or data without raising privilege level |
| How It Works | Exploits software vulnerabilities or misconfigurations to gain elevated permissions | Uses stolen credentials, session hijacking, or weak access control |
| Example | A regular user exploits a bug to become a system administrator | One employee accesses another's email or files using their credentials |
| Risk Level | High – attacker gains control over critical systems or security settings | Medium to High – can lead to data theft or enable vertical escalation |
| Targeted Weaknesses | Insecure system settings, unpatched software, improper role assignments | Broken access controls, shared credentials, poor session management |
| Security Impact | Can disable security tools, steal sensitive data, install malware, or create backdoors | Can spread laterally within the network and potentially reach higher-privilege targets |
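
The two columns correspond to two separate authorization checks: a role check stops vertical escalation, and an ownership check stops horizontal escalation. The sketch below is an added example, not code from the original page; the role names, action names and sample accounts are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed role ranking and per-action minimum role (assumptions for illustration).
ROLE_LEVEL = {"user": 1, "admin": 2}
REQUIRED_LEVEL = {"read_mail": 1, "read_file": 1, "change_security_settings": 2}


@dataclass(frozen=True)
class Actor:
    name: str
    role: str


@dataclass(frozen=True)
class Resource:
    owner: str  # account the mailbox, file or setting belongs to


def classify(actor: Actor, action: str, resource: Resource) -> str:
    """Decide one request and name the escalation class a denial prevents."""
    need = REQUIRED_LEVEL.get(action)
    if need is None:
        return "deny:unknown-action"  # fail closed on actions with no policy
    have = ROLE_LEVEL.get(actor.role, 0)  # unknown roles get no privileges
    if have < need:
        # Role check: the actor asks for more than their role permits.
        return "deny:vertical"
    if have < ROLE_LEVEL["admin"] and resource.owner != actor.name:
        # Ownership check: same privilege level, but someone else's data.
        return "deny:horizontal"
    return "allow"


def review(requests):
    """Classify a batch of (actor, action, resource) tuples in order."""
    return [classify(a, act, r) for a, act, r in requests]


if __name__ == "__main__":
    alice, root = Actor("alice", "user"), Actor("root", "admin")
    sample = [  # constructed requests
        (alice, "read_mail", Resource("alice")),
        (alice, "read_mail", Resource("bob")),
        (alice, "change_security_settings", Resource("system")),
        (root, "change_security_settings", Resource("system")),
    ]
    for req, verdict in zip(sample, review(sample)):
        print(req[0].name, req[1], req[2].owner, "->", verdict)
```

Dropping either check leaves one column of the table open: a role check alone still lets `alice` read `bob`'s mailbox, and an ownership check alone still lets her change security settings she owns no policy right to touch.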