CAPEC-310: Scanning for Vulnerable Software
An attacker engages in scanning activity to find vulnerable software versions or types, such as operating system versions or network services. Vulnerable or exploitable network configurations, such as improperly firewalled systems, or misconfigured systems in the DMZ or external network, provide windows of opportunity for an attacker. Common types of vulnerable software include unpatched operating systems or services (e.g FTP, Telnet, SMTP, SNMP) running on open ports that the attacker has identified. Attackers usually begin probing for vulnerable software once the external network has been port scanned and potential targets have been revealed.
Last updated
Overview
CAPEC-310 (Scanning for Vulnerable Software) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Access to the network on which the targeted system resides.
- Software tools used to probe systems over a range of ports and protocols.
Skills required
- Medium skill: To probe a system remotely without detection requires careful planning and patience.
Resources required
- Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication.
Consequences
What a successful CAPEC-310 attack can achieve.
Other
Affects: Confidentiality
Bypass Protection Mechanism, Hide Activities
Affects: Confidentiality, Access Control, Authorization