The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
Identify all alternate channels and use the same protection mechanisms that are used for the primary channels.
CVE-2020-8004When the internal flash is protected by blocking access on the Data Bus (DBUS), it can still be indirectly accessed through the Instruction Bus (IBUS).
CVE-2002-0567DB server assumes that local clients have performed authentication, allowing attacker to directly connect to a process to load libraries and execute commands; a socket interface also exists (another alternate channel), so attack can be remote.
CVE-2002-1578Product does not restrict access to underlying database, so attacker can bypass restrictions by directly querying the database.
CVE-2003-1035User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.
CVE-2002-1863FTP service can not be disabled even when other access controls would require it.