CAPEC-480: Escaping Virtualization
Attack Pattern ID: 480
Version: v3.9
Attack Pattern Name: Escaping Virtualization
Abstraction: Standard
Status: Draft
Likelihood of Attack: Low
Typical Severity: Very High
▼Description
An adversary gains access to an application, service, or device with the privileges of an authorized or privileged user by escaping the confines of a virtualized environment. The adversary is then able to access resources or execute unauthorized code within the host environment, generally with the privileges of the user running the virtualized process. Successfully executing an attack of this type is often the first step in executing more complex attacks.
▼Extended Description
▼Alternate Terms
▼Relationships
Nature: ChildOf
Type: Meta
ID: 115
Name: Authentication Bypass

Nature: ParentOf
Type: Detailed
ID: 237
Name: Escaping a Sandbox by Calling Code in Another Language
▼Execution Flow
Explore

1. Probing

The adversary probes the target application, service, or device to find a possible weakness that would allow escaping the virtualized environment.

Technique: Probing applications, services, or devices for virtualization weaknesses.

Experiment

1. Verify the exploitable security weaknesses

Using the found weakness, the adversary attempts to escape the virtualized environment.

Technique: Using an application weakness to escape a virtualized environment.

Exploit

1. Execute more complex attacks

Once outside of the virtualized environment, the adversary attempts to perform other more complex attacks such as accessing system resources or executing unauthorized code within the host environment.

Technique: Executing complex attacks when given higher permissions by escaping a virtualized environment.
▼Prerequisites
▼Skills Required
▼Resources Required
▼Indicators
▼Consequences
Scope: Access Control, Authorization
Likelihood: N/A
Impact: Bypass Protection Mechanism
Note: N/A

Scope: Authorization
Likelihood: N/A
Impact: Execute Unauthorized Commands
Note: Run Arbitrary Code

Scope: Accountability, Authentication, Authorization, Non-Repudiation
Likelihood: N/A
Impact: Gain Privileges
Note: N/A
▼Mitigations
Ensure virtualization software is current and up-to-date.
Abide by the least privilege principle to avoid assigning users more privileges than necessary.
▼Example Instances
▼Related Weaknesses
ID: CWE-693
Name: Protection Mechanism Failure
▼Taxonomy Mappings
Taxonomy Name: ATTACK
Entry ID: 1611
Entry Name: Escape to Host
▼Notes
▼References