Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-554:Functionality Bypass
Attack Pattern ID:554
Version:v3.9
Attack Pattern Name:Functionality Bypass
Abstraction:Meta
Status:Draft
Likelihood of Attack:Medium
Typical Severity:High
DetailsContent HistoryRelated WeaknessesReports
2Weaknesses found
CWE-1299
Missing Protection Mechanism for Alternate Hardware Interface
ShareView Details
Missing Protection Mechanism for Alternate Hardware Interface
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in8CVEs

The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.

Impacts-
DoS: Resource Consumption (Other)Alter Execution LogicExecute Unauthorized Code or CommandsModify MemoryGain Privileges or Assume IdentityBypass Protection MechanismRead MemoryQuality Degradation
Tags-
Microcontroller HardwareProcessor HardwareBus/Interface HardwareExecute Unauthorized Code or Commands (impact)Bypass Protection Mechanism (impact)Read Memory (impact)Quality Degradation (impact)Alter Execution Logic (impact)Modify Memory (impact)Gain Privileges or Assume Identity (impact)DoS: Resource Consumption (Other) (impact)
As Seen In-
Not Available
CWE-424
Improper Protection of Alternate Path
ShareView Details
Improper Protection of Alternate Path
Likelihood of Exploit-Not Available
Mapping-Allowed-with-Review
Abstraction-Class
Found in24CVEs

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

Impacts-
Bypass Protection MechanismGain Privileges or Assume Identity
Tags-
Bypass Protection Mechanism (impact)Gain Privileges or Assume Identity (impact)
As Seen In-
CISQ Data Protection Measures