CAPEC-551: Modify Existing Service
When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
Last updated
Overview
CAPEC-551 (Modify Existing Service) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How to mitigate it
Defenses that reduce the risk of CAPEC-551.
- Limit privileges of user accounts so service changes can only be performed by authorized administrators. Also monitor any service changes that may occur inadvertently.
Terminology & mappings
Mapped taxonomies
- ATTACK: Create or Modify System Process (1543)
Frequently asked questions
Common questions about CAPEC-551.
- What is CAPEC-551?
- When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
- How do you prevent CAPEC-551?
- Limit privileges of user accounts so service changes can only be performed by authorized administrators. Also monitor any service changes that may occur inadvertently.
- What weaknesses does CAPEC-551 target?
- CAPEC-551 exploits 2 CWE weaknesses, including CWE-284 (Improper Access Control), CWE-522 (Insufficiently Protected Credentials).
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-551
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.