CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.