CAPEC-69: Target Programs with Elevated Privileges

Description
This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.
Extended Description

A System-on-Chip (SoC) often implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, these mechanisms may be exploitable due to any number of the following:

  • The security identifiers are missing
  • The security identifiers are incorrectly implemented or generated
  • The security identifiers are generated with an obsolete encoding
  • The security identifiers are generated and implemented correctly, but are improperly protected

    • If the security identifiers leveraged by the SoC are missing or misconfigured, an adversary may be able to take advantage of this shortcoming to circumvent the intended access controls. This could result in the adversary gaining unintended access, performing a Denial of Service (DoS), escalating privileges, or spoofing actions from a trusted agent.

Severity :

Very High

Possibility :

High

Type :

Standard
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-8: Buffer Overflow in an API Call Buffer Overflow in an API Call CAPEC-9: Buffer Overflow in Local Command-Line Utilities Buffer Overflow in Local Command-Line Utilities CAPEC-10: Buffer Overflow via Environment Variables Buffer Overflow via Environment Variables CAPEC-67: String Format Overflow in syslog() String Format Overflow in syslog() CAPEC-233: Privilege Escalation Privilege Escalation
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The targeted program runs with elevated OS privileges.
  • The targeted program accepts input data from the user or from another program.
  • The targeted program is giving away information about itself. Before performing such attack, an eventual attacker may need to gather information about the services running on the host target. The more the host target is verbose about the services that are running (version number of application, etc.) the more information can be gather by an attacker.
  • This attack often requires communicating with the host target services directly. For instance Telnet may be enough to communicate with the host target.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Low An attacker can use a tool to scan and automatically launch an attack against known issues. A tool can also repeat a sequence of instructions and try to brute force the service on the host target, an example of that would be the flooding technique.
  • Medium More advanced attack may require knowledge of the protocol spoken by the host service.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-15: External Control of System or Configuration Setting

CWE-250: Execution with Unnecessary Privileges

Visit http://capec.mitre.org/ for more details.