CAPEC-480 Detail

CAPEC-480

Name

Escaping Virtualization

Likihood attacks

Low

Typical Severity

Status

Draft

Published

2019-09-30
00h00 +00:00

Modified

2021-10-21
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An adversary gains access to an application, service, or device with the privileges of an authorized or privileged user by escaping the confines of a virtualized environment. The adversary is then able to access resources or execute unauthorized code within the host environment, generally with the privileges of the user running the virtualized process. Successfully executing an attack of this type is often the first step in executing more complex attacks.

Informations CAPEC

Execution Flow

1) Explore

[Probing] The adversary probes the target application, service, or device to find a possible weakness that would allow escaping the virtualized environment.

Technique

Probing applications, services, or devices for virtualization weaknesses.

2) Experiment

[Verify the exploitable security weaknesses] Using the found weakness, the adversary attempts to escape the virtualized environment.

Technique

Using an application weakness to escape a virtualized environment

3) Exploit

[Execute more complex attacks] Once outside of the virtualized environment, the adversary attempts to perform other more complex attacks such as accessing system resources or executing unauthorized code within the host environment.

Technique

Executing complex attacks when given higher permissions by escaping a virtualized environment

Mitigations

Ensure virtualization software is current and up-to-date.
Abide by the least privilege principle to avoid assigning users more privileges than necessary.

Related Weaknesses

CWE-ID	Weakness Name
CWE-693	Protection Mechanism Failure The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2019-09-30 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated Resources_Required
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2021-10-21 +00:00	Updated Execution_Flow

CAPEC-480 Detail

CAPEC-480

Descriptions CAPEC

Informations CAPEC

Execution Flow

Mitigations

Related Weaknesses

CWE-693

Submission

Modifications