Threat P.L.HPsAC.0

URI: P.L.HPsAC.0

Description: Access to the rights of Process by unauthorized agents in any context: if an untrustworthy actor gains access to Host with the rights of Process in any context, the worst case trustworthiness of its users in any context is degraded.

Threat Type: Secondary Threat

Matching Pattern:

MP-HPsAC

Finds a Process and its Host with any associated location access contexts, and optionally the host manager and the interactive user of the process.

P.L.HPmAC.1

Access to Process by an unauthorized agent: if it is believed that an unauthorized and possibly unknown actor has access to Host with the rights of Process, then they could exploit those rights in any context.

P.L.HuHE2AC.3

Execution of malicious email attachment by MUA on Host in Space: the user Human runs a malicious file sent as an email attachment while the host device is located in Space, allowing the attacker to exploit the privileges using connections accessible to their email client MUA via Host from Space.

P.L.HuiPCHS.3.1

Console access to unprotected account running Process on device Host in Space: an attacker with access to the physical space Space where the device is located uses console access to get access via an unprotected user account with the rights of process Process.

P.L.HuiPCHS-iP.3.2

Unauthorised console access to interactive process Process on device Host in Space: an attacker with physical access to device Host in location Space exploits lax password security by user Human to interact via the console with process Process.

P.L.HuiPCHS-iP.3.3

Unattended console access to interactive process Process on device host Host in Space: an attacker with physical access to device Host in location Space is able to access process Process via the console while the legitimate user is away from the desk.

P.L.HuiPoSt.1

Insider attack by Human abusing their control of Process: if the legitimate user Human of process Process is malicious, they can abuse the privileges assigned to Process.

P.L.HuiPSt.1

Insider attack by employee of Employer abusing their control of Process: the legitimate user Human of process Process may be persuaded by an untrustworthy employer Employer to abuse the privileges assigned to Process.

P.L.SHACPmAC.1

Use of admin privilege at Host via Space to control Process: someone with admin rights at device Host in location Space can control process Process hosted by that device in that context.

P.L.SHLnSACPmAC.1

Use of login via RemoteAccessService to control Process on Host in Space: anyone with local rights (i.e. at command shell level) for remote access service RemoteAccessService controlling the collocated process Process on Host when it is in location Space also has control of Process in that context.

P.L.CCCLnSAC.1

Compromise or impersonation of Client allows access to SHost via Service: if anyone can access Service as Client, then because Service is a remote access service, they can access SHost.

P.L.CCCSAC.3

Remote control of Service using a back door from Client: if a back door has previously been installed in service Service, an attacker with control of client Client can exploit the back door to gain access to the rights of Service on its host SHost.

P.L.CSAPNaS.3

Remote control of service Service using a back door from LogicalSubnet: an attacker with access to LogicalSubnet can exploit a privileged network path to Service via that subnet, and use a previously installed back door to take control of the service, gaining access to the rights of Service on SHost.

P.L.HuHW2ACE.3

Execution of malicious email attachment at WebBrowser on Host in Space: user Human runs a malicious file sent as an email attachment via MUA, allowing the attacker to exploit the privileges of their browser WebBrowser on device Host using network connections it has from location Space.

P.L.OSAPNaS.3

P.L.SPNaLnS.1

Remote access to login service Service via reverse proxy Client: a malicious user or an attacker who can authenticate with reverse proxy Client can send messages via Client to a back-end login service Service, gaining access to its rights on device SHost.

P.L.SPNaS.3

Remote control of process Service using a back door via proxy Client: a malicious user or an attacker who can send messages via reverse proxy Client to a back-end service Service could access a back door if previously installed in the software, and gain control of Service including its access to its rights on device SHost.

P.L.HPAC.4

Attacker exploit takes control of Process in Space: the attacker exploits a vulnerability in process Process when its host Host is located in Space, giving them control of the process behaviour and access to its privileges on Host when in that location.

(empty)