CAPEC-519: Documentation Alteration to Cause Errors in System Design
An attacker with access to a manufacturer's documentation containing requirements allocation and software design processes maliciously alters the documentation in order to cause errors in system design. This allows the attacker to take advantage of a weakness in a deployed system of the manufacturer for malicious purposes.
Last updated
Overview
CAPEC-519 (Documentation Alteration to Cause Errors in System Design) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Advanced knowledge of software capabilities of a manufacturer's product.
- Access to the manufacturer's documentation.
Skills required
- High skill: Ability to read, interpret, and subsequently alter manufacturer's documentation to cause errors in system design.
- High skill: Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation.
How to mitigate it
Defenses that reduce the risk of CAPEC-519.
- Digitize documents and cryptographically sign them to verify authenticity.
- Password protect documents and make them read-only for unauthorized users.
- Avoid emailing important documents and configurations.
- Ensure deleted files are actually deleted.
- Maintain multiple instances of the document across different privileged users for recovery and verification.
Examples
During operation, a firewall will restart various subsystems to reload and implement new rules as added by the user. An attacker alters the software design dependencies in the manufacturer's documentation so that under certain predictable conditions the reload will fail to load in rules resulting in a "fail open" state. Once deployed at a victim site, this will allow the attacker to bypass the victim's firewall.