English
Français
Light
Dark
System

CVEFind - Alertes CVE

Restez informé en continue
Créer un compte Ouvrez un compte Simple et Gratuit Se connecter Gérez vos alertes

CAPEC-176

Configuration/Environment Manipulation
MEDIUM
Draft
2014-06-23 00:00 +00:00
2021-06-24 00:00 +00:00
CAPEC Mitre.org

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des alertes

Description

An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.

Informations

Prerequisites

The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement.

Resources Required

The attacker must have the access necessary to affect the files or other environment items the targeted application uses for its operations.

Faiblesses connexes

CWE-ID Nom de la faiblesse
CWE-15 External Control of System or Configuration Setting
One or more system settings or configuration elements can be externally controlled by a user.
CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection
The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.
CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
System configuration protection may be bypassed during debug mode.
CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation.
CWE-1328 Security Version Number Mutable to Older Versions
Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

Submission

Name Organization Date Date Release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Related_Weaknesses, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Related_Weaknesses

Plus d'informations
Cliquez sur le bouton à gauche (OFF), pour autoriser l'inscription de cookie améliorant les fonctionnalités du site. Cliquez sur le bouton à gauche (Tout accepter), pour ne plus autoriser l'inscription de cookie améliorant les fonctionnalités du site.