Misbehaviour LossOfExtrinsic-W-TW

URI: LossOfExtrinsic-W-TW

Description: Discovery by potential attackers of a vulnerability whose exploitation would allow insertion of self-propagating malware.

This misbehaviour affects the trustworthiness attribute Extrinsic-W-TW

Host	A device that can store, process, transmit or receive data.
Process	Represents a process (usually implemented by software running on a Host) that can read, update or create data, or exchange data with other processes.

H.E-W.GH.8

Vulnerability (W) discovered at Host: software vulnerability found in device Host, which could allow an attack by self-propagating malware, and may be known to attackers. Statistics not analysed, but should be less likely than user-level access because someone would need to know about the vulnerability and then develop fully automated and self-propagating malware able to attack it.

P.E-W.HP-iT.8

Vulnerability (W) discovered at Process: software vulnerability found in process Process, which could allow an attack by self-propagating malware, and may be known to attackers. Statistics not analysed, but should be less likely than user-level access because someone would need to know about the vulnerability and then develop fully automated and self-propagating malware able to attack it.

(empty)

H.W.HIoH.3

Remote malware exploit on device Host from LogicalSubnet: an attacker with access to subnet LogicalSubnet sends a message containing malicious content designed to exploit a bug in Host and install itself there, without authentication.

H.W.HLoH.3

Adjacent malware exploit on device Host from RemoteHost: malware on device RemoteHost sends a message containing malicious content designed to exploit a bug in Host and install itself there, without authentication.

H.W.HRoH.3

Remote malware exploit on device Host from RemoteHost: malware on device RemoteHost sends a message containing malicious content designed to exploit a bug in Host and install itself there, without authentication.

P.W.CCCS.3

Worm propagation exploit on service Service from Client: an infected client Client can send a message containing malware that without authentication, can exploit a bug in Service and infect the process.

P.W.HPDFDI.2

Infection of Process via malware in flow of Data from FlowsFrom: if the copy of Data received from FlowsFrom is infected with malware, process Process may become infected when it consumes the data as an input.

P.W.HPsACDSrDI.2

Malware infection of Process via stored input Data: if the stored copy of Data on Host is infected with malware, then process Process may be affected when it uses the data as an input.

Misbehaviour LossOfExtrinsic-W-TW

Assets (2)

Threats that cause this misbehaviour (2)