Threat H.E-D.H.8

URI: H.E-D.H.8

Package: Network

< prev | next >

Description: Vulnerabilities discovered in device Host: one or more software vulnerabilities in device Host become known to attackers. This is a pre-requisite for exploitation of more specific types of vulnerabilities.

Threat Type: Primary Threat

Matching Pattern:

H.E-D.H.8
MP-H

Finds a solo Host, with optionally its manager(s) and interactive user(s).

        (empty)

H.E-D.H.8
H.E-A.TH.8

Vulnerability (A) discovered at Host: software vulnerability found in device Host, which could allow an attack on host availability, and may be known to attackers. Only around 4 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).
H.E-D.H.8
H.E-AU.H.8

Vulnerability (AU) discovered at Host: software vulnerability found in device Host, which could allow an attack that bypasses authentication, and may be known to attackers. Around 82 percent of vulnerabilities can be accessed without authentication (NVD 2015-2019).
H.E-D.H.8
H.E-C.TH.8

Vulnerability (C) discovered at Host: software vulnerability found in device Host, which could allow an attack on data confidentiality, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).
H.E-D.H.8
H.E-I.TH.8

Vulnerability (I) discovered at Host: software vulnerability found in device Host, which could allow an attack on data integrity, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).
H.E-D.H.8
H.E-M.SH.8

Vulnerability (M) discovered at Host: software vulnerability found in device Host, which could allow an attack gaining admin level access, and may be known to attackers. Around 18 percent of vulnerabilities allow complete control of the vulnerable device (NVD 2015-2019).
H.E-D.H.8
H.E-VA.H.8

Vulnerability (VA) discovered at Host: software vulnerability found in device Host, which could allow an attack from an adjacent network, and may be known to attackers. Under 2 percent of vulnerabilities require low level access from an adjacent network (NVD 2015-2019).
H.E-D.H.8
H.E-VL.H.8

Vulnerability (VL) discovered at Host: software vulnerability found in device Host, which could allow an attack by a local user, and may be known to attackers. Around 14 percent of vulnerabilities require local user access to the vulnerable device (NVD 2015-2019).
H.E-D.H.8
H.E-VN.H.8

Vulnerability (VN) discovered at Host: software vulnerability found in device Host, which could allow an attack from a remote network, and may be known to attackers. Around 84 percent of vulnerabilities can be accessed from a remote network (NVD 2015-2019).
H.E-D.H.8
H.E-W.GH.8

Vulnerability (W) discovered at Host: software vulnerability found in device Host, which could allow an attack by self-propagating malware, and may be known to attackers. Statistics not analysed, but should be less likely than user-level access because someone would need to know about the vulnerability and then develop fully automated and self-propagating malware able to attack it.

        (empty)

        (empty)

CSG-FormalDeviceVerification

The software for device Host has been analysed by independent experts using formal methods and shown to be free of bugs. It is therefore guaranteed to work correctly for arbitrary (even malicious) inputs. However, this is only possible for simple devices. Note that it does not prevent bugs that are present being discovered and exploited by attackers, so it is a prior mitigation only which is ignored in current (run-time) risk calculations (although in principle no vulnerabilities should ever be found).

CSG-HostCertification

The software and hardware at device Host has been assessed and certified to be secure by independent experts. The device is unlikely to contain exploitable bugs, though the assessment may become outdated so should be renewed from time to time. Note that this does not prevent bugs that are present being discovered and exploited by attackers, so it is a prior mitigation only which is ignored in current (run-time) risk calculations.

CSG-PatchingAtHost

Use a systematic procedure for regular security patching of software used (including hosted processes) on device Host, and have a contingency plan included in the system operating policies and practices for HostManager to manually apply patches immediately should the need for them become urgent.

CSG-PenTestingOfHost

The software and hardware at device Host has been tested and certified to be secure by independent experts. The device is unlikely to contain exploitable bugs, though the assessment may become outdated so should be renewed from time to time. Note that this does not prevent bugs that are present being discovered and exploited by attackers, so it is a prior mitigation only which is ignored in current (run-time) risk calculations.

CSG-SoftwareUpdatingAtHost

Use a systematic procedure for updating software used (including hosted processes) on device Host.