System Software

System Software

  • TID-201: Inadequate Bootloader Protection and Verification
  • TID-202: Exploitable System Network Stack Component
  • TID-203: Malicious OS Kernel Driver/Module Installable
  • TID-204: Untrusted Programs Can Access Privileged OS Functions
  • TID-205: Existing OS Tools Maliciously Used for Device Manipulation
  • TID-206: Memory Management Protections Subverted
  • TID-207: Container Escape
  • TID-208: Virtual Machine Escape
  • TID-209: Host Can Manipulate Guest Virtual Machines
  • TID-210: Device Vulnerabilities Unpatchable
  • TID-211: Device Allows Unauthenticated Firmware Installation
  • TID-212: FW/SW Update Integrity Shared Secrets Extraction
  • TID-213: Faulty FW/SW Update Integrity Verification
  • TID-214: Secrets Extracted from Device Root of Trust
  • TID-215: Unencrypted SW/FW Updates
  • TID-216: Firmware Update Rollbacks Allowed
  • TID-217: Remotely Initiated Updates Can Cause DoS
  • TID-218: Operating System Susceptible to Rootkit
  • TID-219: OS/Kernel Privilege Escalation
  • TID-220: Unpatchable Hardware Root of Trust
  • TID-221: Authentication Bypass By Message Replay
  • TID-222: Critical System Service May Be Disabled
  • TID-223: System Susceptible to RAM Scraping
  • TID-224: Excessive Access via Software Diagnostic Features
  • TID-225: Logs can be manipulated on the device
  • TID-226: Device leaks security information in logs