CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections
Description
Extended Description
Hardware product designs often need to implement memory protection features to prevent users from reading and modifying memory reserved for security operations such as secure booting, authenticating code, device attestation, and more. However, these protection features may be missing if not configured by developers. For example, this can occur if the developers assume these features are configured elsewhere. Additionally, developers often attempt to impose proper protection features, but may incorrectly configure these controls. One such example would be setting controls with insufficient granularity for protected address regions. If an adversary is able to discover improper access controls surrounding memory, it could result in the adversary obtaining sensitive data, executing code, circumventing security mechanisms, escalating privileges, or even denying service to higher privilege software.
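As an added illustration of the configuration mistakes described above (not code from CAPEC or MITRE), the following C program models a hypothetical range-protection unit and audits its region table the way a boot-time self-check or a pre-silicon configuration review would: every sensitive range must be fully inside a locked read-only region, and no writable region may overlap it. The `region_t`/`range_t` layout, the audit function and the 0x10000000/0x30000000 addresses are all constructed for this example and do not correspond to any vendor's registers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of a range-protection unit (constructed for this example,
 * not any vendor's register layout): each region covers [base, base+size). */
typedef struct { uint32_t base, size; bool locked, writable; } region_t;
typedef struct { uint32_t base, size; } range_t;
/* Audit: every sensitive range must lie entirely inside a locked, read-only
 * region, and no writable region may overlap it (the CWE-1260 overlap case).
 * Returns 0 when the configuration is sound, otherwise the 1-based index of
 * the first sensitive range that is left exposed. */
int audit_protection(const region_t *regs, size_t nregs,
                     const range_t *sens, size_t nsens)
{
    for (size_t i = 0; i < nsens; i++) {
        uint32_t s0 = sens[i].base, s1 = sens[i].base + sens[i].size;
        bool covered = false, exposed = false;
        for (size_t j = 0; j < nregs; j++) {
            uint32_t r0 = regs[j].base, r1 = regs[j].base + regs[j].size;
            if (regs[j].locked && !regs[j].writable && r0 <= s0 && s1 <= r1)
                covered = true;           /* the lock reaches the whole range */
            if (regs[j].writable && r0 < s1 && s0 < r1)
                exposed = true;           /* writable window into protected data */
        }
        if (!covered || exposed)
            return (int)(i + 1);
    }
    return 0;
}

/* Constructed sample: 32 KiB of boot code at 0x10000000 that is also reachable
 * through a mirrored window at 0x30000000 (the CWE-1257 aliasing case). */
static const range_t BOOT_CODE[] = { {0x10000000u, 0x8000u}, {0x30000000u, 0x8000u} };

/* Weak: only the primary window is locked; the mirror is left writable. */
int audit_weak_config(void)
{
    const region_t regs[] = { {0x10000000u, 0x8000u, true, false},
                              {0x30000000u, 0x8000u, false, true} };
    return audit_protection(regs, 2, BOOT_CODE, 2);   /* returns 2 */
}

/* Fixed: both windows are locked read-only before the boot ROM hands off. */
int audit_fixed_config(void)
{
    const region_t regs[] = { {0x10000000u, 0x8000u, true, false},
                              {0x30000000u, 0x8000u, true, false} };
    return audit_protection(regs, 2, BOOT_CODE, 2);   /* returns 0 */
}
```

The same audit also flags a lock whose granularity is too coarse to reach the end of a sensitive range (the CWE-1222 case), since partial coverage leaves `covered` false.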
Severity: Very High
Possibility: Medium
Type: Detailed
Relationships with other CAPECs
This table shows the other attack patterns and high level categories that are related to this attack pattern.
Prerequisites
- Access to the hardware being leveraged.
Skills required
- Medium: Ability to craft malicious code to inject into the memory region.
- High: Intricate knowledge of memory structures.
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
CWE-1222: Insufficient Granularity of Address Regions Protected by Register Locks
CWE-1252: CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
CWE-1257: Improper Access Control Applied to Mirrored or Aliased Memory Regions
CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges
CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code
CWE-1282: Assumed-Immutable Data is Stored in Writable Memory
CWE-1312: Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
CWE-1316: Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
CWE-1326: Missing Immutable Root of Trust in Hardware
Visit http://capec.mitre.org/ for more details.