CWE-514 (Covert Channel) is a common software weakness type identified by MITRE's CWE dictionary.

What is the difference between CVE and CWE?

CWE refers to the type of software weakness (root cause), while CVE refers to a specific instance of a vulnerability in a product.

Back to CWE Database

CWE-514

Covert Channel

Weakness Description

A covert channel is a path that can be used to transfer information in a way not intended by the system's designers.

Typically the system has not given authorization for the transmission and has no knowledge of its occurrence.

Common Consequences

ConfidentialityAccess Control

Read Application DataBypass Protection Mechanism

Detection Methods

Architecture or Design Review

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

Effectiveness: SOAR Partial

Related Weaknesses

CWE-1229

Related Resources

Browse CWE Database

Explore 493 software weaknesses

CVE Database

Search 294,000+ vulnerabilities

Security Writeups

Learn from real-world examples

About 4nuxd

Cybersecurity research & tools

Get in touch for collaboration

Homepage

Explore more security resources