CAPEC-176 Detail

CAPEC-176

Name

Configuration/Environment Manipulation

Typical Severity

Medium

Status

Draft

Published

2014-06-23
00h00 +00:00

Modified

2021-06-24
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.

Informations CAPEC

Prerequisites

The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement.

Resources Required

The attacker must have the access necessary to affect the files or other environment items the targeted application uses for its operations.

Related Weaknesses

CWE-ID	Weakness Name
CWE-15	External Control of System or Configuration Setting One or more system settings or configuration elements can be externally controlled by a user.
CWE-1233	Security-Sensitive Hardware Controls with Missing Lock Bit Protection The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.
CWE-1234	Hardware Internal or Debug Modes Allow Override of Locks System configuration protection may be bypassed during debug mode.
CWE-1304	Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation.
CWE-1328	Security Version Number Mutable to Older Versions Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2019-04-04 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Related_Weaknesses, Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Related_Weaknesses

CAPEC-176 Detail

CAPEC-176

Descriptions CAPEC

Informations CAPEC

Prerequisites

Resources Required

Related Weaknesses

CWE-15

CWE-1233

CWE-1234

CWE-1304

CWE-1328

Submission

Modifications