CAPEC-113

Interface Manipulation
Média
Média
Draft
2014-06-23
00h00 +00:00
2021-06-24
00h00 +00:00
CAPEC Mitre.org
Alerta para um CAPEC
Fique informado sobre quaisquer alterações para um CAPEC específico.
Gerenciar notificações

Descrições CAPEC

An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way.

Informações CAPEC

Pré-requisitos

The target system must expose interface functionality in a manner that can be discovered and manipulated by an adversary. This may require reverse engineering the interface or decrypting/de-obfuscating client-server exchanges.

Recursos Necessários

The requirements vary depending upon the nature of the interface. For example, application-layer APIs related to the processing of the HTTP protocol may require one or more of the following: an Adversary-In-The-Middle (CAPEC-94) proxy, a web browser, or a programming/scripting language.

Fraquezas Relacionadas

CWE-ID Nome da Fraqueza

CWE-1192

 Improper Identifier for IP Block used in System-On-Chip (SOC)
The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.

Submissão

Nome Organização Data Data de lançamento
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modificações

Nome Organização Data Comentário
CAPEC Content Team The MITRE Corporation 2015-12-07 +00:00 Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Activation_Zone, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Typical_Likelihood_of_Exploit
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated @Name, @Status, Description, Example_Instances, Prerequisites, Related_Weaknesses, Resources_Required
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Related_Weaknesses, Resources_Required
As informações apresentadas no CVE Find originam-se de várias fontes de referência cuidadosamente selecionadas. Os dados CVE são fornecidos pela MITRE Corporation e pelo National Vulnerability Database (NVD). O catálogo de Vulnerabilidades Conhecidas Exploradas (KEV) é proveniente da Cybersecurity and Infrastructure Security Agency (CISA), enquanto as pontuações EPSS vêm do FIRST.org. Além disso, os dados sobre fraquezas de software (CWE) e padrões de ataque comuns (CAPEC) são mantidos pela MITRE Corporation, e as informações sobre configurações de hardware e software (CPE) são fornecidas pelo NVD.