CAPEC-456: Infected Memory
Description
Extended Description
The result is a window of opportunity for exploiting the product until the insecure component is discovered. This supply chain threat can result in the installation of malicious software or hardware that introduces widespread security vulnerabilities within an organization. Additionally, because software often depends on a large number of interdependent libraries and components, security holes can be introduced merely by installing Commercial off-the-Shelf (COTS) or Open Source Software (OSS) that comes pre-packaged with the components required for it to operate. This attack can occur during initial product development or throughout a product's sustainment.
Severity: High
Possibility: Medium
Type: Standard
Relationships with other CAPECs
This table shows the other attack patterns and high-level categories that are related to this attack pattern.
Skills required
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
CWE-1257: Improper Access Control Applied to Mirrored or Aliased Memory Regions
CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges
CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code
CWE-1312: Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
CWE-1316: Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
Visit http://capec.mitre.org/ for more details.