Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-678:System Build Data Maliciously Altered
Attack Pattern ID:678
Version:v3.9
Attack Pattern Name:System Build Data Maliciously Altered
Abstraction:Detailed
Status:Draft
Likelihood of Attack:Low
Typical Severity:High
DetailsContent HistoryRelated WeaknessesReports
▼Description

During the system build process, the system is deliberately misconfigured by the alteration of the build data. Access to system configuration data files and build processes is susceptible to deliberate misconfiguration of the system.

▼Extended Description
▼Alternate Terms
▼Relationships
NatureTypeIDName
ChildOfS444Development Alteration
Nature: ChildOf
Type: Standard
ID: 444
Name: Development Alteration
▼Execution Flow
▼Prerequisites
An adversary has access to the data files and processes used for executing system configuration and performing the build.
▼Skills Required
▼Resources Required
▼Indicators
▼Consequences
ScopeLikelihoodImpactNote
IntegrityN/AExecute Unauthorized CommandsN/A
Access ControlN/AGain PrivilegesN/A
ConfidentialityN/AModify DataRead DataN/A
Scope: Integrity
Likelihood: N/A
Impact: Execute Unauthorized Commands
Note: N/A
Scope: Access Control
Likelihood: N/A
Impact: Gain Privileges
Note: N/A
Scope: Confidentiality
Likelihood: N/A
Impact: Modify Data, Read Data
Note: N/A
▼Mitigations
Implement configuration management security practices that protect the integrity of software and associated data.
Monitor and control access to the configuration management system.
Harden centralized repositories against attack.
Establish acceptance criteria for configuration management check-in to assure integrity.
Plan for and audit the security of configuration management administration processes.
Maintain configuration control over operational systems.
▼Example Instances
▼Related Weaknesses
IDName
▼Taxonomy Mappings
Taxonomy NameEntry IDEntry Name
ATTACK1195.002Supply Chain Compromise: Compromise Software Supply Chain
Taxonomy Name: ATTACK
Entry ID: 1195.002
Entry Name: Supply Chain Compromise: Compromise Software Supply Chain
▼Notes
▼References
Reference ID: REF-439
Title: Supply Chain Attack Framework and Attack Patterns
Author: John F. Miller
Publication:
Publisher:The MITRE Corporation
Edition:
URL:http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf
URL Date:
Day:N/A
Month:N/A
Year:2013
Reference ID: REF-660
Title: Supply Chain Attack Patterns: Framework and Catalog
Author: Melinda Reed, John F. Miller, Paul Popick
Publication:
Publisher:Office of the Assistant Secretary of Defense for Research and Engineering
Edition:
URL:https://docplayer.net/13041016-Supply-chain-attack-patterns-framework-and-catalog.html
URL Date:2021-06-22
Day:N/A
Month:08
Year:2014
Details not found