CAPEC-536: Data Injected During Configuration

An attacker with access to data files and processes on a victim's system injects malicious data into critical operational data during configuration or recalibration, causing the victim's system to perform in a suboptimal manner that benefits the adversary.

High

Typical severity

Per MITRE

Low

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

Overview

CAPEC-536 (Data Injected During Configuration) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-536: Data Injected During Configuration

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

How to mitigate it

Examples

Frequently asked questions

What is CAPEC-536?

How does a Data Injected During Configuration attack work?

How do you prevent CAPEC-536?

What weaknesses does CAPEC-536 target?

How severe is CAPEC-536?

References

Defend against CAPEC-536

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-536?

How does a Data Injected During Configuration attack work?

How do you prevent CAPEC-536?

What weaknesses does CAPEC-536 target?

How severe is CAPEC-536?

References

Defend against CAPEC-536