Threat Sg.TA.L1SSg2.8

URI: Sg.TA.L1SSg2.8

Description: Mesh routing between FromHost and ToHost via Gateway is enabled: if this route is enabled by mesh routing via non-IP connections, it could be exploited by an attacker.

Threat Type: Primary Threat

Matching Pattern:

MP-L1SSg2

Finds a gateway between two distinct layer 1 subnets (i.e. Bluetooth or USB connections), along with the forward and return path segments via the gateway.

(empty)

ConnectionsAllowed at Role_FwdSegment

ServiceChannelsAllowed at Role_FwdSegment

CSG-DisableMeshRouting

Bluetooth mesh routing is disabled in device Gateway, preventing it routing between its Bluetooth connections from FromHost to ToHost. This strategy does not represent a contingency plan, but a permanent restriction introduced by design or in accordance with an operational policy or user preference. It also triggers threats representing side effects that would be caused by such a restriction. The default configuration for most Bluetooth enabled hosts is to have mesh routing disabled, but the model must assume it is enabled unless the control is selected, or potential threats may be overlooked.

Threat Sg.TA.L1SSg2.8

MP-L1SSg2

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (0)

Misbehaviour Sets (2)

Control Strategies (1)