Trustworthiness Attribute Extrinsic-VA-TW

URI: Extrinsic-VA-TW

Package: VulnerabilityCVSS

< prev | next >

Description: Free of software vulnerabilities that can be accessed only from the local network, requiring access to either the broadcast or collision domain of the vulnerable software.

This attribute is undermined by the misbehaviour LossOfExtrinsic-VA-TW

Host

A device that can store, process, transmit or receive data.

Process

Represents a process (usually implemented by software running on a Host) that can read, update or create data, or exchange data with other processes.

Extrinsic-VA-TW
H.V.HL1HS.2

Authenticated exploit on device Host in Space via connection with RemoteHost: an attacker with access to RemoteHost in location Space can send a malicious message via its pairing connection with Host that, after authentication, can exploit a bug in Host.
Extrinsic-VA-TW
H.V.HL1HS.3

Anonymous exploit on device Host in Space via connection with RemoteHost: an attacker with access to RemoteHost in location Space can send a malicious message via its pairing connection with Host that, without authentication, can exploit a bug in Host.
Extrinsic-VA-TW
H.V.LoH.2

Adjacent authenticated exploit on device Host from LogicalSubnet: an attacker with local access to device Host when connected to subnet LogicalSubnet can send a message containing malicious content that, after authentication, can exploit a bug in Host.
Extrinsic-VA-TW
H.V.LoH.3

Adjacent anonymous exploit on device Host from LogicalSubnet: an attacker with local access to the subnet LogicalSubnet to which device Host is connected can send a message containing malicious content designed to exploit a bug in Host, without authentication.
Extrinsic-VA-TW
H.W.HLoH.3

Adjacent malware exploit on device Host from RemoteHost: malware on device RemoteHost sends a message containing malicious content designed to exploit a bug in Host and install itself there, without authentication.
Extrinsic-VA-TW
P.V.CCCSACvLS.2

Adjacent authenticated exploit as Client on service Service from LogicalSubnet: an attacker able to authenticate as client Client and access Service via an adjacent subnet LogicalSubnet used by Client can send a message with malicious content that, after authentication, can exploit a bug in Service.
Extrinsic-VA-TW
P.V.OSAPLaS.3

Adjacent anonymous exploit on service Service from LogicalSubnet: an attacker with access to a subnet LogicalSubnet can exploit firewall policy exceptions enabling access to service Service and send a message containing malicious content that, without authentication, can exploit a bug in Service.