CAPEC-113

Interface Manipulation
Medio
Medio
Draft
2014-06-23
00h00 +00:00
2021-06-24
00h00 +00:00
CAPEC Mitre.org
Alerta para un CAPEC
Manténgase informado sobre cualquier cambio en un CAPEC específico.
Gestionar notificaciones

Descripciones CAPEC

An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way.

Informaciones CAPEC

Prerrequisitos

The target system must expose interface functionality in a manner that can be discovered and manipulated by an adversary. This may require reverse engineering the interface or decrypting/de-obfuscating client-server exchanges.

Recursos requeridos

The requirements vary depending upon the nature of the interface. For example, application-layer APIs related to the processing of the HTTP protocol may require one or more of the following: an Adversary-In-The-Middle (CAPEC-94) proxy, a web browser, or a programming/scripting language.

Debilidades relacionadas

CWE-ID Nombre de la debilidad

CWE-1192

 Improper Identifier for IP Block used in System-On-Chip (SOC)
The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.

Envío

Nombre Organización Fecha Fecha de lanzamiento
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modificaciones

Nombre Organización Fecha Comentario
CAPEC Content Team The MITRE Corporation 2015-12-07 +00:00 Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Activation_Zone, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Typical_Likelihood_of_Exploit
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated @Name, @Status, Description, Example_Instances, Prerequisites, Related_Weaknesses, Resources_Required
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Related_Weaknesses, Resources_Required
La información presentada en CVE Find proviene de varias fuentes de referencia cuidadosamente seleccionadas. Los datos CVE son proporcionados por MITRE Corporation y la Base de Datos Nacional de Vulnerabilidades (NVD). El catálogo de Vulnerabilidades Explotadas Conocidas (KEV) proviene de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), mientras que las puntuaciones EPSS provienen de FIRST.org. Además, los datos sobre debilidades de software (CWE) y patrones de ataque comunes (CAPEC) son mantenidos por MITRE Corporation, y la información sobre configuraciones de hardware y software (CPE) es proporcionada por la NVD.