Standardlikelihood: Highseverity: HighStable

CAPEC-19Embedding Scripts within Scripts

Abstraction
Standard
Status
Stable
Likelihood
High
Severity
High

Description

An adversary leverages the capability to execute their own script by embedding it within other scripts that the target software is likely to execute due to programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. Metadata: standard CAPEC pattern, status stable, likelihood high, severity high. Underlying weakness: CWE-284. Mapped ATT&CK techniques: [object Object], [object Object], [object Object]. Related CAPEC pattern: [object Object].

Related weaknesses· 1

CWE-284

MITRE ATT&CK crosswalk· 3

T1027.009: Obfuscated Files or Information: Embedded PayloadsT1546.004: Event Triggered Execution:.bash_profile and .bashrcT1546.016: Event Triggered Execution: Installer Packages

Related attack patterns· 1

CAPEC-242 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-284100%live

Related to3

TypeTargetConfidenceTier
SubTechniqueUnix Shell Configuration Modificationt1546.004100%live
SubTechniqueEmbedded Payloadst1027.009100%live
SubTechniqueInstaller Packagest1546.016100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Exploit Script-Based APIs
CAPEC
Code Injection
CAPEC
Code Inclusion
CAPEC
Inclusion of Code in Existing Process
CAPEC
Local Execution of Code
CAPEC
Malicious Code Implanted During Chip Programming
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.