Dark Mode
Capec-121 Detail
Exploit Non-Production Interfaces
Standard Software Hardware Likelihood: Low Typical Severity: High
Parents: 113
Children: 661
Threats: T62
An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.
Non-production interfaces are insecure by default and should not be resident on production systems, since they may reveal sensitive information or functionality that should not be known to end-users. However, such interfaces may be unintentionally left enabled on a production system due to configuration errors, supply chain mismanagement, or other pre-deployment activities. Ultimately, failure to properly disable non-production interfaces, in a production environment, may expose a great deal of diagnostic information or functionality to an adversary, which can be utilized to further refine their attack. Moreover, many non-production interfaces do not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may contain many flaws and vulnerabilities that could allow an adversary to severely disrupt a target.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-121 | capec | https://capec.mitre.org/data/definitions/121.html | |
| CWE-489 | cwe | http://cwe.mitre.org/data/definitions/489.html | |
| CWE-1209 | cwe | http://cwe.mitre.org/data/definitions/1209.html | |
| CWE-1259 | cwe | http://cwe.mitre.org/data/definitions/1259.html | |
| CWE-1267 | cwe | http://cwe.mitre.org/data/definitions/1267.html | |
| CWE-1270 | cwe | http://cwe.mitre.org/data/definitions/1270.html | |
| CWE-1294 | cwe | http://cwe.mitre.org/data/definitions/1294.html | |
| CWE-1295 | cwe | http://cwe.mitre.org/data/definitions/1295.html | |
| CWE-1296 | cwe | http://cwe.mitre.org/data/definitions/1296.html | |
| CWE-1302 | cwe | http://cwe.mitre.org/data/definitions/1302.html | |
| CWE-1313 | cwe | http://cwe.mitre.org/data/definitions/1313.html | |
| REF-588 | reference_from_CAPEC | Swarup Bhunia, Mark M. Tehranipoor, The Hardware Trojan War: Attacks, Myths, and Defenses, 2017--11---30, Springer | |
| REF-589 | reference_from_CAPEC | https://ieeexplore.ieee.org/document/6604058/authors#authors | Boyang Du, Matteo Sonza Reorda, Luca Sterpone, Luis Parra, Marta Portela-Garcia, Almudena Lindoso, Luis Entrena, Exploiting the debug interface to support on-line test of control flow errors, 2013--07---08, Institute of Electrical and Electronics Engineers (IEEE) |
Explore
-
Determine Vulnerable Interface: An adversary explores a target system for sample or test interfaces that have not been disabled by a system administrator and which may be exploitable by the adversary.
| Techniques |
|---|
| If needed, the adversary explores an organization's network to determine if any specific systems of interest exist. |
Exploit
-
Leverage Test Interface to Execute Attacks: Once an adversary has discovered a system with a non-production interface, the interface is leveraged to exploit the system and/or conduct various attacks.
| Techniques |
|---|
| The adversary can leverage the sample or test interface to conduct several types of attacks such as Adversary-in-the-Middle attacks (CAPEC-94), keylogging, Cross Site Scripting (XSS), hardware manipulation attacks, and more. |
- The target must have configured non-production interfaces and failed to secure or remove them when brought into a production environment.
- For some interfaces, the adversary will need that appropriate client application or hardware that interfaces with the interface. Other non- production interfaces can be executed using simple tools, such as web browsers or console windows. In some cases, an adversary may need to be able to authenticate to the target before it can access the vulnerable interface.
| High |
|---|
| Exploiting non-production interfaces requires significant skill and knowledge about the potential non-production interfaces left enabled in production. |
| Integrity | Authorization | Access Control | Authentication | Confidentiality |
|---|---|---|---|---|
| Modify Data | Read Data | Modify Data | Gain Privileges | Gain Privileges |
| Alter Execution Logic | Execute Unauthorized Commands | Alter Execution Logic | Bypass Protection Mechanism | Bypass Protection Mechanism |
| Read Data | ||||
| Execute Unauthorized Commands |
- Some software applications include application programming interfaces (APIs) that are intended to allow an administrator to test and refine their domain. These APIs are typically disabled once a system enters a production environment, but may be left in an insecure state due to a configuration error or mismanagement.
- Many hardware systems leverage bits typically reserved for future functionality for testing and debugging purposes. If these reserved bits remain enabled in a production environment, it could allow an adversary to induce unwanted/unsupported behavior in the hardware.