Dark Mode
Capec-678 Detail
System Build Data Maliciously Altered
Detailed Supply Chain Software Hardware Likelihood: Low Typical Severity: High
Parents: 444
During the system build process, the system is deliberately misconfigured by the alteration of the build data. Access to system configuration data files and build processes is susceptible to deliberate misconfiguration of the system.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-678 | capec | https://capec.mitre.org/data/definitions/678.html | |
| T1195.002 | ATTACK | https://attack.mitre.org/wiki/Technique/T1195/002 | Supply Chain Compromise: Compromise Software Supply Chain |
| REF-439 | reference_from_CAPEC | http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf | John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation |
| REF-660 | reference_from_CAPEC | https://docplayer.net/13041016-Supply-chain-attack-patterns-framework-and-catalog.html | Melinda Reed, John F. Miller, Paul Popick, Supply Chain Attack Patterns: Framework and Catalog, 2014--08, Office of the Assistant Secretary of Defense for Research and Engineering |
Not present
- An adversary has access to the data files and processes used for executing system configuration and performing the build.
Not present
Not present
| Integrity | Access Control | Confidentiality |
|---|---|---|
| Execute Unauthorized Commands | Gain Privileges | Modify Data |
| Read Data |
- ‘Make’ is a program used for building executable programs and libraries from source code by executing commands and following rules in a ‘makefile’. It can create a malicious executable if commands or dependency paths in the makefile are maliciously altered to execute an unwanted command or reference as a dependency maliciously altered code.