CAPEC-184: Software Integrity Attack
An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target's integrity to achieve an insecure state.
Last updated
Overview
CAPEC-184 (Software Integrity Attack) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Skills required
- Medium skill: Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code.
Resources required
- Software Integrity Attacks are usually a late stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with respect to the overall attack strategy, existing countermeasures which must be bypassed, and the success of early phase attack vectors.
Frequently asked questions
Common questions about CAPEC-184.
- What is CAPEC-184?
- An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target's integrity to achieve an insecure state.
- What weaknesses does CAPEC-184 target?
- CAPEC-184 exploits 1 CWE weakness, including CWE-494 (Download of Code Without Integrity Check).
- How severe is CAPEC-184?
- MITRE rates CAPEC-184 as Low severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-184
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.