Privilege Escalation — Gaining Higher Access Rights Than Intended
Privilege Escalation is an attack technique where a user or process gains higher permissions than originally granted. This SECMONS glossary entry explains vertical and horizontal privilege escalation, common exploitation paths, and defensive mitigation strategies.
What Is Privilege Escalation? 🧠
Privilege Escalation occurs when a user, process, or attacker gains access rights beyond what was originally authorized.
It is typically a post-exploitation stage, meaning it follows an initial foothold such as:
- Initial access (/glossary/initial-access/)
- Exploitation of a vulnerability listed under /vulnerabilities/
- Credential compromise techniques like /glossary/credential-stuffing/
- Session abuse such as /glossary/session-hijacking/
Privilege escalation transforms limited access into broader system control.
Types of Privilege Escalation 🔎
There are two primary forms:
1️⃣ Vertical Privilege Escalation
Vertical escalation occurs when a lower-privileged account gains higher privileges.
Examples:
- Standard user → Administrator
- Web service account → Root
- Application user → Database superuser
Vertical escalation often results from:
- Misconfigured permissions
- Kernel vulnerabilities
- Weak access control enforcement
- Logic flaws in authorization systems
2️⃣ Horizontal Privilege Escalation
Horizontal escalation occurs when a user gains access to another user’s data or permissions at the same privilege level.
This frequently overlaps with vulnerabilities such as:
- Insecure direct object reference (/glossary/insecure-direct-object-reference/)
- Access control weaknesses
- Broken role enforcement
While less dramatic than vertical escalation, horizontal access can expose large volumes of sensitive data.
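The following is an added illustration, not code from the SECMONS glossary: the same "fetch invoice" handler written twice, once with the missing object-level authorization check that produces a horizontal escalation (an IDOR), and once with ownership and an explicit role enforced. The invoice store, user names and the `billing_admin` role are constructed for the example.

```python
"""Horizontal privilege escalation through a missing ownership check.

Constructed example: two versions of one endpoint. The first trusts the
caller-supplied invoice_id alone; the second enforces that the record
belongs to the authenticated user or that the user holds an explicit
role allowed to read every invoice. All names and data are invented.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional


class AuthorizationError(Exception):
    """Raised when an authenticated user asks for an object they may not read."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount_cents: int


@dataclass(frozen=True)
class Session:
    user: str
    roles: FrozenSet[str]


# Constructed data store: two customers, one invoice each.
INVOICES = {
    1001: Invoice(1001, "alice", 12_000),
    1002: Invoice(1002, "bob", 4_500),
}


def fetch_invoice_vulnerable(session: Session, invoice_id: int) -> Optional[Invoice]:
    """Authenticated but not authorized: any logged-in user can read any
    invoice just by changing the id. This is the horizontal escalation the
    glossary entry describes; the session is never consulted."""
    return INVOICES.get(invoice_id)


def fetch_invoice_hardened(session: Session, invoice_id: int) -> Invoice:
    """Object-level authorization: the record must belong to the caller, or
    the caller must hold a role explicitly allowed to read all invoices.
    Unknown and forbidden ids produce the same error, so the response does
    not reveal which ids exist."""
    invoice = INVOICES.get(invoice_id)
    if invoice is not None and (
        invoice.owner == session.user or "billing_admin" in session.roles
    ):
        return invoice
    raise AuthorizationError("invoice not found or not accessible")


if __name__ == "__main__":
    bob = Session("bob", frozenset())
    # The vulnerable handler hands bob alice's invoice; the hardened one refuses.
    print(fetch_invoice_vulnerable(bob, 1001))
    try:
        fetch_invoice_hardened(bob, 1001)
    except AuthorizationError as exc:
        print("hardened:", exc)
```

The design point is that authentication answers "who is this?" while authorization answers "may this identity touch this specific object?"; the hardened version makes the second question part of every lookup rather than relying on the client to request only its own ids.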
Why Privilege Escalation Is Dangerous 🎯
Privilege escalation allows attackers to:
- Disable security controls
- Access restricted files
- Extract sensitive credentials
- Deploy persistence mechanisms
- Conduct lateral movement (/glossary/lateral-movement/)
- Achieve full system compromise
Many high-impact breaches documented under /breaches/ include privilege escalation as a key stage.
If a privilege escalation vulnerability is confirmed as exploited in the wild (/glossary/exploited-in-the-wild/) or added to the Known Exploited Vulnerabilities catalog (/glossary/known-exploited-vulnerabilities-kev/), remediation urgency is critical.
Privilege Escalation vs Initial Access 🔄
| Attack Stage | Objective |
|---|---|
| Initial Access | Enter the system |
| Privilege Escalation | Increase control |
| Persistence | Maintain access |
| Lateral Movement | Expand reach |
Privilege escalation is often the bridge between entry and full compromise.
Common Exploitation Paths 🔬
Privilege escalation may exploit:
- Unpatched local vulnerabilities
- Misconfigured file permissions
- Weak service account configurations
- SUID/SGID mismanagement
- Token impersonation flaws
- Kernel-level weaknesses
- Deserialization or logic flaws in enterprise software
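As an added defensive example (not SECMONS tooling), the audit below walks a directory tree and flags the file-permission conditions named in the list above that most often turn into local escalation paths: setuid/setgid executables, world-writable files, and world-writable directories that lack the sticky bit. The finding codes are invented for this example; the mode bits come from the standard `stat` module.

```python
"""Audit a directory tree for permission misconfigurations that commonly
enable local privilege escalation (constructed example).

Flags setuid/setgid executables, world-writable files, and world-writable
directories without the sticky bit. The finding codes are invented for
this example; exclusions for legitimately setuid binaries (sudo, passwd,
mount, ...) are left to the operator's baseline.
"""
import os
import stat
from typing import List, Tuple

Finding = Tuple[str, str]  # (finding_code, path)


def classify_mode(path: str, st_mode: int) -> List[Finding]:
    """Pure classification of one inode from its st_mode bits, so the
    rules can be unit-tested without touching a real filesystem."""
    findings: List[Finding] = []
    is_dir = stat.S_ISDIR(st_mode)
    world_writable = bool(st_mode & stat.S_IWOTH)
    if st_mode & stat.S_ISUID:
        findings.append(("SETUID", path))
    # setgid on a directory only controls group inheritance of new files;
    # it is the setgid *executable* that runs with another group's rights.
    if st_mode & stat.S_ISGID and not is_dir:
        findings.append(("SETGID", path))
    if world_writable and not is_dir:
        findings.append(("WORLD_WRITABLE_FILE", path))
    if world_writable and is_dir and not (st_mode & stat.S_ISVTX):
        findings.append(("WORLD_WRITABLE_DIR_NO_STICKY", path))
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Walk root, using lstat and skipping symlinks so that a planted link
    cannot redirect the audit, and collect findings for every entry."""
    findings: List[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # vanished or unreadable: skip rather than abort the audit
            if stat.S_ISLNK(st.st_mode):
                continue
            findings.extend(classify_mode(full, st.st_mode))
    return findings


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for code, p in scan_tree(target):
        print(f"{code:30} {p}")
```

Run it against a known-good build image first and diff the output against production hosts; the interesting findings are the ones that appear only on the host, since every distribution ships a small, stable set of setuid binaries that belong in the baseline rather than in the alert queue.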
Defensive Considerations 🛡️
Reducing privilege escalation risk requires:
- Strict least privilege enforcement
- Regular privilege audits
- Patch management discipline
- Separation of duties
- Monitoring abnormal privilege changes
- Hardened service account configurations
- Disabling unnecessary administrative interfaces
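To make "monitoring abnormal privilege changes" concrete, here is an added detection example (not SECMONS code) that runs over constructed Linux auth-log lines in the formats emitted by sudo and by usermod. It alerts when a service account invokes sudo, when any account is added to an administrative group, when a user attempts sudo without authorization, and when an account outside the admin baseline reaches root; the account lists and severities are assumptions to be replaced by the environment's own baseline.

```python
"""Detect abnormal privilege changes in Linux auth logs (constructed example).

Parses sudo and usermod entries and raises alerts for: a service account
invoking sudo, any account added to an administrative group, a denied sudo
attempt, and sudo-to-root by an account outside the admin baseline. The
sample log lines, account names and policy sets are invented.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Assumed baseline policy for the example fleet.
ADMIN_USERS = {"alice"}
SERVICE_ACCOUNTS = {"www-data", "postgres", "backup"}
PRIVILEGED_GROUPS = {"sudo", "wheel", "admin", "root", "docker"}

# sudo's default syslog line, with the optional "user NOT in sudoers" marker.
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denied>user NOT in sudoers) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
# shadow-utils usermod audit line for primary group additions.
GROUP_ADD_RE = re.compile(
    r"usermod\[\d+\]: add '(?P<user>[^']+)' to group '(?P<group>[^']+)'"
)


@dataclass(frozen=True)
class Alert:
    severity: str
    rule: str
    user: str
    detail: str


def analyse_line(line: str) -> List[Alert]:
    """Apply the rules to one log line; most lines yield no alert."""
    alerts: List[Alert] = []
    m = SUDO_RE.search(line)
    if m:
        user = m["user"]
        if m["denied"]:
            alerts.append(Alert("medium", "sudo_denied", user, m["cmd"]))
        elif user in SERVICE_ACCOUNTS:
            alerts.append(Alert("high", "service_account_sudo", user, m["cmd"]))
        elif user not in ADMIN_USERS and m["target"] == "root":
            alerts.append(Alert("medium", "unexpected_sudo_to_root", user, m["cmd"]))
        return alerts
    m = GROUP_ADD_RE.search(line)
    if m and m["group"] in PRIVILEGED_GROUPS:
        alerts.append(Alert("high", "privileged_group_membership", m["user"], m["group"]))
    return alerts


def analyse(lines: Iterable[str]) -> List[Alert]:
    return [alert for line in lines for alert in analyse_line(line)]


# Constructed sample: one benign admin action followed by four suspicious events.
SAMPLE_LOG = [
    "Mar  3 09:12:01 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
    "Mar  3 09:15:44 host sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/bin/bash",
    "Mar  3 09:16:10 host usermod[2210]: add 'www-data' to group 'sudo'",
    "Mar  3 09:16:10 host usermod[2210]: add 'www-data' to shadow group 'sudo'",
    "Mar  3 09:20:00 host sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Mar  3 09:25:30 host sudo:     dave : TTY=pts/2 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/su -",
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(f"[{alert.severity}] {alert.rule}: {alert.user} ({alert.detail})")
```

The "shadow group" line is deliberately not matched a second time, so one group change produces one alert. The rule that fires on `www-data` is the one worth keeping even in a minimal deployment: a web service account has no legitimate reason to reach sudo, so any such event is a strong, low-noise signal that a foothold is being turned into control.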
Operational mitigation guidance is typically documented under:
Why SECMONS Treats Privilege Escalation as Strategic 📌
Privilege escalation is rarely the first step in an intrusion — but it is often the turning point.
Understanding how limited access becomes full control helps defenders assess true operational impact beyond initial vulnerability disclosure.
Authoritative References 📎
- MITRE ATT&CK — Privilege Escalation (TA0004): https://attack.mitre.org/tactics/TA0004/
- NIST Access Control Guidance: https://csrc.nist.gov/