Package VulnerabilityCVSS

URI: VulnerabilityCVSS

Description: Model of software vulnerabilities based on CVSS v2 metrics.

(empty)

CC.AuC.DFrXSS.3

Reflected XSS exploit on Client via Service injected via client input Data from FlowsFrom: an attacker who can inject malicious content into input Data flowing to Client from FlowsFrom can exploit a bug in Service to send a harmful script to the client browser. We assume this will make the browser leak authentication credentials, such as a password or session key.

CC.AuC.DFsXSS.3

Stored XSS exploit against Client by Service injected via input Data from FlowsFrom: an attacker who can inject malicious content into input Data flowing to Service from FlowsFrom can exploit a bug in Service, and send a harmful script to a trusting client browser Client. We assume this will make the browser leak authentication credentials, such as a password or session key.

CC.AuC.DSrXSS.3

Reflected XSS exploit on Client from Service injected via locally stored client input Data: an attacker who can inject malicious content into locally stored input Data used by Client can exploit a bug in Service and send a harmful script to the client browser. We assume this will make the browser leak authentication credentials, such as a password or session key.

CC.AuC.DSsXSS.3

Stored XSS exploit from Service against Client: an attacker who can inject malicious content into service input Data stored on SHost can exploit a bug in Service, and send a harmful script to a trusting client browser Client. We assume this will make the browser leak authentication credentials, such as a password or session key.

CC.R.CDBSC.4

Query injection at Service into back end DB: an attacker having exploited a bug in Service when connected to DB, is able to send arbitrary queries to DB. This is modelled as an adverse behaviour in the inferred client channel representing their trust relationship, fulfilling the precondition for further threats using injected queries to access or alter data stored by DB.

DS.A.HDS.4

Attacker exploit at Host deletes Data: the attacker exploits a vulnerability in device Host and is able to delete or otherwise disable access to the stored copy of Data on the device.

DS.A.HPsACDAdDS.4

Attacker exploit at Process to delete Data: the attacker exploits a vulnerability in process Process and is able to delete or otherwise disable access to the stored copy of Data on its host device Host.

DS.Auth.HDS-V.4

Attacker exploit at Host alters stored copy of Data: the attacker exploits a vulnerability in device Host and is able to alter the stored copy of Data on the device.

DS.Auth.HPsACd-pDS-V.4

Attacker exploit at service Process alters Data stored on Host: the attacker exploits a vulnerability in process Process and is able to alter the stored copy of Data on its host device Host.

DS.Auth.HPsACdpDS-V.4

Attacker exploit at Process alters output Data stored on Host: the attacker exploits a vulnerability in process Process and is able to alter the stored copy of Data updated by the process on its host device Host.

DS.C.HDS-V.4

Attacker exploit at Host accesses stored data Data: the attacker is able to exploit a vulnerability in device Host gaining access to its stored copy of Data.

DS.C.HPsACr-pDS-V.4

Attacker exploit at Process accesses Data: the attacker is able to exploit a vulnerability in process Process and gains access to the stored copy of Data on device Host which is served by the process.

DS.C.HPsACrpDS-V.4

Attacker exploit at Process accesses its input Data: the attacker is able to exploit a vulnerability in process Process, gaining access to the stored copy of Data used by the process on its host device Host.

H.A.H.4

Attacker exploit disables Host: the attacker exploits a vulnerability in device Host and is able to crash the device.

H.E-A.TH.8

Vulnerability (A) discovered at Host: software vulnerability found in device Host, which could allow an attack on host availability, and may be known to attackers. Only around 4 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).

H.E-AU.H.8

Vulnerability (AU) discovered at Host: software vulnerability found in device Host, which could allow an attack that bypasses authentication, and may be known to attackers. Around 82 percent of vulnerabilities can be accessed without authentication (NVD 2015-2019).

H.E-C.TH.8

Vulnerability (C) discovered at Host: software vulnerability found in device Host, which could allow an attack on data confidentiality, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).

H.E-I.TH.8

Vulnerability (I) discovered at Host: software vulnerability found in device Host, which could allow an attack on data integrity, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).

H.E-M.SH.8

Vulnerability (M) discovered at Host: software vulnerability found in device Host, which could allow an attack gaining admin level access, and may be known to attackers. Around 18 percent of vulnerabilities allow complete control of the vulnerable device (NVD 2015-2019).

H.E-VA.H.8

Vulnerability (VA) discovered at Host: software vulnerability found in device Host, which could allow an attack from an adjacent network, and may be known to attackers. Under 2 percent of vulnerabilities require low level access from an adjacent network (NVD 2015-2019).

H.E-VL.H.8

Vulnerability (VL) discovered at Host: software vulnerability found in device Host, which could allow an attack by a local user, and may be known to attackers. Around 14 percent of vulnerabilities require local user access to the vulnerable device (NVD 2015-2019).

H.E-VN.H.8

Vulnerability (VN) discovered at Host: software vulnerability found in device Host, which could allow an attack from a remote network, and may be known to attackers. Around 84 percent of vulnerabilities can be accessed from a remote network (NVD 2015-2019).

H.E-W.GH.8

Vulnerability (W) discovered at Host: software vulnerability found in device Host, which could allow an attack by self-propagating malware, and may be known to attackers. Statistics not analysed, but should be less likely than user-level access because someone would need to know about the vulnerability and then develop fully automated and self-propagating malware able to attack it.

H.J.GH.7

Malware inserts remote access back door in infected device Host: the malware infecting device Host exploits a vulnerability to insert a means for the attacker to remotely access admin privileges on Host.

H.L.HAC.4

Attacker exploit gains user privileges at Host in location Space: the attacker exploits a vulnerability in device Host when it is located in Space, and gains user level access to the device in that context.

H.M.HAC.4

Attacker exploit gains admin rights at Host when it is in location Space: the attacker exploits a vulnerability in device Host in context HostAccess and gains control over the device in that context.

H.M.HmACPAC.4

Attacker exploit at Process in location Space gains admin rights at Host: the attacker exploits a vulnerability in the process Process when its host Host is in Space, and is able to escalate privileges to gain admin rights on Host in that context.

H.V.CHS-iP.3

Local anonymous exploit on host Host in Space: an attacker with physical access to the console of device Host in Space is able to exploit a bug in Host.

H.V.HAC.2

Local authenticated exploit on device Host when in location Space: an attacker with local user level access to device Host in location Space exploits a bug in Host.

H.V.HL1HS.2

Authenticated exploit on device Host in Space via connection with RemoteHost: an attacker with access to RemoteHost in location Space can send a malicious message via its pairing connection with Host that, after authentication, can exploit a bug in Host.

H.V.HL1HS.3

Anonymous exploit on device Host in Space via connection with RemoteHost: an attacker with access to RemoteHost in location Space can send a malicious message via its pairing connection with Host that, without authentication, can exploit a bug in Host.

H.V.IoH.2

Remote authenticated exploit on device Host from AttackerSubnet via LogicalSubnet: an attacker with access to the subnet AttackerSubnet can send a malicious message via the network to device Host via LogicalSubnet that, after authentication, can exploit a vulnerability in Host.

H.V.IoH.3

Remote anonymous exploit on device Host from AttackerSubnet via LogicalSubnet: an attacker with access to the subnet AttackerSubnet can send a malicious message via the network to device Host via LogicalSubnet that, without authentication, can exploit a vulnerability in Host.

H.V.LoH.2

Adjacent authenticated exploit on device Host from LogicalSubnet: an attacker with local access to device Host when connected to subnet LogicalSubnet can send a message containing malicious content that, after authentication, can exploit a bug in Host.

H.V.LoH.3

Adjacent anonymous exploit on device Host from LogicalSubnet: an attacker with local access to the subnet LogicalSubnet to which device Host is connected can send a message containing malicious content designed to exploit a bug in Host, without authentication.

H.V.NoH.2

H.V.NoH.3

H.W.HIoH.3

Remote malware exploit on device Host from LogicalSubnet: an attacker with access to subnet LogicalSubnet sends a message containing malicious content designed to exploit a bug in Host and install itself there, without authentication.

H.W.HLoH.3

Adjacent malware exploit on device Host from RemoteHost: malware on device RemoteHost sends a message containing malicious content designed to exploit a bug in Host and install itself there, without authentication.

H.W.HRoH.3

Remote malware exploit on device Host from RemoteHost: malware on device RemoteHost sends a message containing malicious content designed to exploit a bug in Host and install itself there, without authentication.

P.A.HP-iT.4

Attacker exploit disables Process: the attacker exploits a vulnerability in the process Process and is able to crash it or otherwise prevent access to it.

P.A.HuDFrXSS.6

Service Service disabled to prevent XSS attack on Client via its input Data from FlowsFrom: if service Service is disabled by HostManager to prevent XSS attacks using malicious content injected via Data from FlowsFrom, this will make the service unavailable.

P.A.HuDFsXSS.6

Service Service disabled to prevent XSS attack on Client injected via input Data from FlowsFrom: if service Service is disabled to prevent XSS attacks on Client injected via input Data from FlowsFrom, then Service will be unavailable.

P.A.HuDSrXSS.6

Service Service disabled to prevent XSS attack on Client via its input Data: if service Service is disabled to prevent XSS attacks using malicious content injected via locally stored inpuut Data, this will make the service unavailable.

P.A.HuDSsXSS.6

Service Service disabled to prevent XSS attack on Client injected via local input Data: if service Service is disabled to prevent XSS attacks on Client injected via input Data, then Service will be unavailable.

P.E-A.HP-iT.8

Vulnerability (A) discovered at Process: software vulnerability found in process Process, which could allow an attack on process availability, and may be known to attackers. Only around 4 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).

P.E-AU.HP-iT.8

Vulnerability (AU) discovered at Process: software vulnerability found in process Process, which could allow an attack bypassing authentication, and may be known to attackers. Around 82 percent of vulnerabilities can be accessed without authentication (NVD 2015-2019).

P.E-C.HP-iT.8

Vulnerability (C) discovered at Process: software vulnerability found in process Process, which could allow an attack on data confidentiality, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).

P.E-I.HP-iT.8

Vulnerability (I) discovered at Process: software vulnerability found in process Process, which could allow an attack on data integrity, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).

P.E-M.SHP-iT.8

Vulnerability (M) discovered at Process: software vulnerability found in process Process, which could allow admin level access to its host device, and may be known to attackers. Around 18 percent of vulnerabilities allow complete control of the vulnerable device (NVD 2015-2019).

P.E-QI.HP-iT.8

Vulnerability (QI) discovered at Process: software vulnerability found in process Process, which could allow injection of queries into a back-end database, and may be known to attackers. Around 3 percent of vulnerabilities relate to query injection, but around 5 percent of all low complexity attacks are of this type (NVD 2015-2019).

P.E-U.SHP-iT.8

Vulnerability (U) discovered at Process: software vulnerability found in process Process, which could allow user level access to its host device with the rights of the process, and may be known to attackers. Around 30 percent of vulnerabilities allow local user access to the vulnerable device (NVD 2015-2019).

P.E-VA.HP-iT.8

Vulnerability (VA) discovered at Process: software vulnerability found in process Process, which could allow an attack from an adjacent network, and may be known to attackers. Under 2 percent of vulnerabilities require low level access from an adjacent network (NVD 2015-2019), and presumably the majority are in the O/S (i.e. the host).

P.E-VL.HP-iT.8

Vulnerability (VL) discovered at Process: software vulnerability found in process Process, which could allow an attack by a local user, and may be known to attackers. Around 14 percent of vulnerabilities require local user access to the vulnerable device (NVD 2015-2019).

P.E-VN.HP-iT.8

Vulnerability (VN) discovered at Process: software vulnerability found in process Process, which could allow an attack from a remote network, and may be known to attackers. Around 84 percent of vulnerabilities can be accessed from a remote network (NVD 2015-2019).

P.E-W.HP-iT.8

Vulnerability (W) discovered at Process: software vulnerability found in process Process, which could allow an attack by self-propagating malware, and may be known to attackers. Statistics not analysed, but should be less likely than user-level access because someone would need to know about the vulnerability and then develop fully automated and self-propagating malware able to attack it.

P.E-XS.HP-iT.8

Vulnerability (XS) discovered at Process: software vulnerability found in process Process, which could allow a cross-site scripting attack on a client, and may be known to attackers. Around 14 percent of vulnerabilities relate to cross site scripting, including 32 percent of vulnerabilities relating to medium complexity exploits (NVD 2015-2019).

P.L.HPAC.4

Attacker exploit takes control of Process in Space: the attacker exploits a vulnerability in process Process when its host Host is located in Space, giving them control of the process behaviour and access to its privileges on Host when in that location.

P.V.CCCSACvLS.2

Adjacent authenticated exploit as Client on service Service from LogicalSubnet: an attacker able to authenticate as client Client and access Service via an adjacent subnet LogicalSubnet used by Client can send a message with malicious content that, after authentication, can exploit a bug in Service.

P.V.CCCS-iAC.2

Remote authenticated exploit as Client on service Service: an attacker able to authenticate as client Client and access Service from a direction used by Client can send a message with malicious content that, after authentication, can exploit a bug in Service.

P.V.CCCvsCCSAC.2

P.V.CSAPNaS.3

Remote anonymous exploit on service Service from LogicalSubnet: an attacker with access to a subnet LogicalSubnet can use a privileged network path to service Service and send a message containing malicious content that, without authentication, can exploit a bug in Service.

P.V.HACPmAC.2

Local authenticated exploit on process Process in Space: an attacker with local user access to device Host in space Space can exploit a bug in Process.

P.V.OSAPLaS.3

Adjacent anonymous exploit on service Service from LogicalSubnet: an attacker with access to a subnet LogicalSubnet can exploit firewall policy exceptions enabling access to service Service and send a message containing malicious content that, without authentication, can exploit a bug in Service.

P.V.OSAPNaS.3

P.V.SPNaS.2

Remote authenticated exploit on service Service via reverse proxy Client: a malicious user or attacker able send messages to Service via reverse proxy Client can send a malicious request that can exploit a bug in Service after authentication.

P.W.CCCS.3

Worm propagation exploit on service Service from Client: an infected client Client can send a message containing malware that without authentication, can exploit a bug in Service and infect the process.

P.W.HPDFDI.2

Infection of Process via malware in flow of Data from FlowsFrom: if the copy of Data received from FlowsFrom is infected with malware, process Process may become infected when it consumes the data as an input.

P.W.HPsACDSrDI.2

Malware infection of Process via stored input Data: if the stored copy of Data on Host is infected with malware, then process Process may be affected when it uses the data as an input.

SC.A.HuCAPmSC.6.2

Suspended channels from Client to vulnerable service Service via LogicalSubnet are not available: the firewall rules allowing access by client Client to service Service may be disabled if the risk of an expoit by an attacker on subnet LogicalSubnet is too high. . However, this cuts privileged network paths, so communication between Client and Service via that subnet will become unavailable.

SC.A.HuSAPmSC.6.2

Suspended channels to vulnerable service Service via LogicalSubnet cuts availability: the firewall rules allowing access to service Service via LogicalSubnet may be suspended if necessary to prevent attacks. However, this cuts privileged network paths, so communication with Service via that subnet will become unavailable.

LossOfExtrinsic-A-TW	Discovery by potential attackers of a vulnerability whose exploitation would compromise asset availability.
LossOfExtrinsic-AU-TW	Discovery by potential attackers of a vulnerability that can be accessed without authentication.
LossOfExtrinsic-C-TW	Discovery by potential attackers of a vulnerability whose exploitation would compromise data confidentiality.
LossOfExtrinsic-I-TW	Discovery by potential attackers of a vulnerability whose exploitation would allow data to be altered.
LossOfExtrinsic-M-TW	Discovery by potential attackers of a vulnerability whose exploitation would allow an attacker to take control.
LossOfExtrinsic-QI-TW	Discovery by potential attackers of a vulnerability whose exploitation would allow an attacker to inject queries that will be passed to a trusting back-end process.
LossOfExtrinsic-U-TW	Discovery by potential attackers of a vulnerability whose exploitation would allow an attacker user level access.
LossOfExtrinsic-VA-TW	Discovery by potential attackers of a vulnerability that can be accessed only from the local network, requiring access to either the broadcast or collision domain of the vulnerable software.
LossOfExtrinsic-VL-TW	Discovery by potential attackers of a vulnerability that can be accessed from a local shell or via physical access.
LossOfExtrinsic-VN-TW	Discovery by potential attackers of a vulnerability that can be accessed from a remote network.
LossOfExtrinsic-W-TW	Discovery by potential attackers of a vulnerability whose exploitation would allow insertion of self-propagating malware.
LossOfExtrinsic-XS-TW	Discovery by potential attackers of a vulnerability in a service whose exploitation would allow injection of malicious scripts into a client process.