Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-176:Configuration/Environment Manipulation
Attack Pattern ID:176
Version:v3.9
Attack Pattern Name:Configuration/Environment Manipulation
Abstraction:Meta
Status:Draft
Likelihood of Attack:
Typical Severity:Medium
DetailsContent HistoryRelated WeaknessesReports
▼Description
An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.
▼Extended Description
▼Alternate Terms
▼Relationships
NatureTypeIDName
ParentOfS75Manipulating Writeable Configuration Files
ParentOfS203Manipulate Registry Information
ParentOfS271Schema Poisoning
ParentOfS536Data Injected During Configuration
ParentOfS578Disable Security Software
Nature: ParentOf
Type: Standard
ID: 75
Name: Manipulating Writeable Configuration Files
Nature: ParentOf
Type: Standard
ID: 203
Name: Manipulate Registry Information
Nature: ParentOf
Type: Standard
ID: 271
Name: Schema Poisoning
Nature: ParentOf
Type: Standard
ID: 536
Name: Data Injected During Configuration
Nature: ParentOf
Type: Standard
ID: 578
Name: Disable Security Software
▼Execution Flow
▼Prerequisites
The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement.
▼Skills Required
▼Resources Required
The attacker must have the access necessary to affect the files or other environment items the targeted application uses for its operations.
▼Indicators
▼Consequences
ScopeLikelihoodImpactNote
▼Mitigations
▼Example Instances
▼Related Weaknesses
IDName
CWE-1233Security-Sensitive Hardware Controls with Missing Lock Bit Protection
CWE-1234Hardware Internal or Debug Modes Allow Override of Locks
CWE-1304Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
CWE-1328Security Version Number Mutable to Older Versions
CWE-15External Control of System or Configuration Setting
ID: CWE-1233
Name: Security-Sensitive Hardware Controls with Missing Lock Bit Protection
ID: CWE-1234
Name: Hardware Internal or Debug Modes Allow Override of Locks
ID: CWE-1304
Name: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
ID: CWE-1328
Name: Security Version Number Mutable to Older Versions
ID: CWE-15
Name: External Control of System or Configuration Setting
▼Taxonomy Mappings
Taxonomy NameEntry IDEntry Name
OWASP AttacksN/ASetting Manipulation
Taxonomy Name: OWASP Attacks
Entry ID: N/A
Entry Name: Setting Manipulation
▼Notes
▼References
Details not found