CAPEC 122 Privilege Abuse

Draft Meta High Risk

Severity Medium

Description

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

Mitigations

Consequences

Security Scopes Affected

Access Control Authorization Confidentiality Integrity

Potential Impacts

Bypass Protection Mechanism Execute Unauthorized Commands Gain Privileges Modify Data Read Data

CAPEC 122 Privilege Abuse

Description

Mitigations

Configure Account Privileges Such Privileged/Administrator Functionality Is Not Exposed To Non-Privileged/Lower Accounts.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Child CAPECs

Related ATT&CK Techniques

Abuse Elevation Control Mechanism

Resources Required

CAPEC 122 Privilege Abuse

Description

Mitigations

Configure Account Privileges Such Privileged/Administrator Functionality Is Not Exposed To Non-Privileged/Lower Accounts.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Child CAPECs

Related ATT&CK Techniques

Abuse Elevation Control Mechanism

Resources Required

Iscriviti alla newsletter