| Name |
Modify Existing Service |
|
| Likelyhood of attack |
Typical severity |
| Medium |
Medium |
|
| Summary |
When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used. |
| Prerequisites |
|
| Solutions | Limit privileges of user accounts so service changes can only be performed by authorized administrators. Also monitor any service changes that may occur inadvertently. |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-284 |
Improper Access Control |
| CWE-522 |
Insufficiently Protected Credentials |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-542 |
An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1543.002 |
Create or Modify System Process:Systemd Service |
| 1543.003 |
Create or Modify System Process:Windows Service |
| 1543.004 |
Create or Modify System Process:Launch Daemon |
| 1569.001 |
System Services:Launchctl |
| 1569.002 |
System Services:Service Execution |
|