Misbehaviour LossOfExtrinsic-VA-TW

URI: LossOfExtrinsic-VA-TW

Description: Discovery by potential attackers of a vulnerability that can be accessed only from the local network, requiring access to either the broadcast or collision domain of the vulnerable software.

This misbehaviour affects the trustworthiness attribute Extrinsic-VA-TW

Host	A device that can store, process, transmit or receive data.
Process	Represents a process (usually implemented by software running on a Host) that can read, update or create data, or exchange data with other processes.

H.E-VA.H.8

Vulnerability (VA) discovered at Host: software vulnerability found in device Host, which could allow an attack from an adjacent network, and may be known to attackers. Under 2 percent of vulnerabilities require low level access from an adjacent network (NVD 2015-2019).

P.E-VA.HP-iT.8

Vulnerability (VA) discovered at Process: software vulnerability found in process Process, which could allow an attack from an adjacent network, and may be known to attackers. Under 2 percent of vulnerabilities require low level access from an adjacent network (NVD 2015-2019), and presumably the majority are in the O/S (i.e. the host).

(empty)

H.V.HL1HS.2

Authenticated exploit on device Host in Space via connection with RemoteHost: an attacker with access to RemoteHost in location Space can send a malicious message via its pairing connection with Host that, after authentication, can exploit a bug in Host.

H.V.HL1HS.3

Anonymous exploit on device Host in Space via connection with RemoteHost: an attacker with access to RemoteHost in location Space can send a malicious message via its pairing connection with Host that, without authentication, can exploit a bug in Host.

H.V.LoH.2

Adjacent authenticated exploit on device Host from LogicalSubnet: an attacker with local access to device Host when connected to subnet LogicalSubnet can send a message containing malicious content that, after authentication, can exploit a bug in Host.

H.V.LoH.3

Adjacent anonymous exploit on device Host from LogicalSubnet: an attacker with local access to the subnet LogicalSubnet to which device Host is connected can send a message containing malicious content designed to exploit a bug in Host, without authentication.

H.W.HLoH.3

Adjacent malware exploit on device Host from RemoteHost: malware on device RemoteHost sends a message containing malicious content designed to exploit a bug in Host and install itself there, without authentication.

P.V.CCCSACvLS.2

Adjacent authenticated exploit as Client on service Service from LogicalSubnet: an attacker able to authenticate as client Client and access Service via an adjacent subnet LogicalSubnet used by Client can send a message with malicious content that, after authentication, can exploit a bug in Service.

P.V.OSAPLaS.3

Adjacent anonymous exploit on service Service from LogicalSubnet: an attacker with access to a subnet LogicalSubnet can exploit firewall policy exceptions enabling access to service Service and send a message containing malicious content that, without authentication, can exploit a bug in Service.