Byte Open Security

(ByteOS Network)

CAPEC-38: Leveraging/Manipulating Configuration File Search Paths
Attack Pattern ID: 38
Version: v3.9
Attack Pattern Name: Leveraging/Manipulating Configuration File Search Paths
Abstraction: Detailed
Status: Draft
Likelihood of Attack: High
Typical Severity: Very High
2 Weaknesses found

CWE-426
Untrusted Search Path
Likelihood of Exploit: High
Mapping: Allowed-with-Review
Abstraction: Base
Found in 565 CVEs

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Impacts: Read Files or Directories; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity
Tags: High exploit; Attack Surface Reduction; Execute Unauthorized Code or Commands (impact); Read Files or Directories (impact); DoS: Crash, Exit, or Restart (impact); Gain Privileges or Assume Identity (impact)
As Seen In: 2019 CWE Top 25 Most Dangerous Software Errors
CWE-427
Uncontrolled Search Path Element
Likelihood of Exploit: Not Available
Mapping: Allowed-with-Review
Abstraction: Base
Found in 948 CVEs

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Impacts: Execute Unauthorized Code or Commands
Tags: Attack Surface Reduction; Execute Unauthorized Code or Commands (impact)
As Seen In: Not Available