CAPEC Details
Name: Interface Manipulation
Likelihood of attack: Medium
Typical severity: Medium
Summary: An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way.
Prerequisites: The target system must expose interface functionality in a manner that can be discovered and manipulated by an adversary. This may require reverse engineering the interface or decrypting/de-obfuscating client-server exchanges.
Solutions
Related Weaknesses
CWE ID Description
CWE-227 7PK - API Abuse
CWE-1192 System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers