diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json index 8e4dc8bc..6f2735f6 100644 --- a/mappings/cvss_v3/cvss_v3.json +++ b/mappings/cvss_v3/cvss_v3.json @@ -827,6 +827,32 @@ } ] }, + { + "id": "physical_security_issues", + "children": [ + { + "id": "bypass_of_physical_access_control", + "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L" + }, + { + "id": "weakness_in_physical_access_control", + "children": [ + { + "id": "cloneable_key", + "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" + }, + { + "id": "master_key_identification", + "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L" + }, + { + "id": "commonly_keyed_system", + "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" + } + ] + } + ] + }, { "id": "insecure_os_firmware", "children": [ @@ -846,9 +872,71 @@ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ] - } - ] - }, + }, + { + "id": "weakness_in_firmware_updates", + "children": [ + { + "id": "firmware_cannot_be_updated", + "cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" + }, + { + "id": "firmware_does_not_validate_update_integrity", + "cvss_v3": "AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" + }, + { + "id": "firmware_is_not_encrypted", + "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ] + }, + { + "id": "kiosk_escape_or_breakout", + "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" + }, + { + "id": "poorly_configured_disk_encryption", + "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "id": "shared_credentials_on_storage", + "cvss_v3": "AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "id": "over_permissioned_credentials_on_storage", + "cvss_v3": "AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + { + "id": "local_administrator_on_default_environment", + "cvss_v3": "AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + }, + { + "id": "poorly_configured_operating_system_security", + "cvss_v3": "AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" + }, + { + "id": "recovery_of_disk_contains_sensitive_material", + "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "id": "failure_to_remove_sensitive_artifacts_from_disk", + "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + { + "id": "data_not_encrypted_at_rest", + "children": [ + { + "id": "non_sensitive", + "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" + }, + { + "id": "sensitive", + "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ] + } + ] +}, { "id": "cryptographic_weakness", "children": [ diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json index 0da41d6e..e7b953b6 100644 --- a/mappings/cwe/cwe.json +++ b/mappings/cwe/cwe.json @@ -415,6 +415,32 @@ } ] }, + { + "id": "physical_security_issues", + "children": [ + { + "id": "bypass_of_physical_access_control", + "cwe": ["CWE-1300"] + }, + { + "id": "weakness_in_physical_access_control", + "children": [ + { + "id": "cloneable_key", + "cwe": ["CWE-1300"] + }, + { + "id": "master_key_identification", + "cwe": ["CWE-284"] + }, + { + "id": "commonly_keyed_system", + "cwe": ["CWE-284"] + } + ] + } + ] + }, { "id": "insecure_os_firmware", "children": [ @@ -425,7 +451,69 @@ { "id": "hardcoded_password", "cwe": ["CWE-259"] - } + }, + { + "id": "weakness_in_firmware_updates", + "children": [ + { + "id": "firmware_cannot_be_updated", + "cwe": ["CWE-434"] + }, + { + "id": "firmware_does_not_validate_update_integrity", + "cwe": ["CWE-434"] + }, + { + "id": "firmware_is_not_encrypted", + "cwe": ["CWE-434"] + } + ] + }, + { + "id": "kiosk_escape_or_breakout", + "cwe": ["CWE-284"] + }, + { + "id": "poorly_configured_disk_encryption", + "cwe": ["CWE-326"] + }, + { + "id": "shared_credentials_on_storage", + "cwe": ["CWE-798"] + }, + { + "id": "over_permissioned_credentials_on_storage", + "cwe": ["CWE-250"] + }, + { + "id": "local_administrator_on_default_environment", + "cwe": ["CWE-276"] + }, + { + "id": "poorly_configured_operating_system_security", + "cwe": ["CWE-16"] + }, + { + "id": "recovery_of_disk_contains_sensitive_material", + "cwe": ["CWE-522"] + }, + { + "id": "failure_to_remove_sensitive_artifacts_from_disk", + "cwe": ["CWE-459"] + }, + { + "id": "data_not_encrypted_at_rest", + "children": [ + { + "id": "sensitive", + "cwe": ["CWE-311"] + }, + { + "id": "non_sensitive", + "cwe": ["CWE-311"] + } + ] + } ] }, { diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json index 059605a5..0f45b455 100644 --- a/mappings/remediation_advice/remediation_advice.json +++ b/mappings/remediation_advice/remediation_advice.json @@ -1144,6 +1144,32 @@ "https://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection" ] }, + { + "id": "physical_security_issues", + "children": [ + { + "id": "bypass_of_physical_access_control", + "remediation_advice": " " + }, + { + "id": "weakness_in_physical_access_control", + "children": [ + { + "id": "cloneable_key", + "remediation_advice": "The 2 most effective are interative locking elements (which can be defeated still by a skilled attacker) or usage of digital key systems such as Assa eCLIQ or Pulse" + }, + { + "id": "commonly_keyed_system", + "remediation_advice": "Unique keys should be used on any system which intends to be secure, otherwise if keyed to a common key system, the risk needs to be accepted that the key could be obtained if the lock doesn't secure a secure component." + }, + { + "id": "master_key_identification", + "remediation_advice": "While physical lock systems require the key material to be inside the lock, electonic access control systems can use cryptographicly strong key mechanisms which prevent the key material from being accessable on the device" + } + ] + } + ] + }, { "id": "insecure_os_firmware", "children": [ @@ -1165,7 +1191,69 @@ "https://www.owasp.org/index.php/Password_Management:_Hardcoded_Password", "https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Password_Storage_Cheat_Sheet.md" ] - } + }, + { + "id": "data_not_encrypted_at_rest", + "children": [ + { + "id": "non_sensitive", + "remediation_advice": "Data within the device should be encrypted at rest, preventing the data from being viewable by a 3rd party attacker." + }, + { + "id": "sensitive", + "remediation_advice": "Data within the device should be encrypted at rest, preventing the data from being viewable by a 3rd party attacker." + } + ] + }, + { + "id": "failure_to_remove_sensitive_artifacts_from_disk", + "remediation_advice": "Implement robust deletion functions which not only reference to the data, but write over the existing data to prevent digital forensic methods of recovery" + }, + { + "id": "kiosk_escape_or_breakout", + "remediation_advice": "1. Implement vigirous QA testing of applications prior to deployment\n2. Implement robust error logging and catching within the application to prevent crashes\n3. Initiate application restarts in the event of a application crash.\n4. Use Lower Privleged accounts with minimal permissions to lower the impact of a potential kiosk escape" + }, + { + "id": "local_administrator_on_default_environment", + "remediation_advice": "The usage of Local Administrator accounts on a device is usually not nessicary for the operation, especially with embedded hardware and kiosks. Use of Lower Privleged accounts with minimal permissions and Jails lowers the impact if access by an attacker is acheved." + }, + { + "id": "over_permissioned_credentials_on_storage", + "remediation_advice": "When provisioning credentials, strict scoping of the credentials to the resources required to operate reduce the impact of an exposure of those credentials." + }, + { + "id": "poorly_configured_disk_encryption", + "remediation_advice": "1. Use of standard cryptographic libraries reduces the likelyhood of implementation vulnerabilities\n2. Verify your bootloader and encryption systems are up to date to avoid public exploits." + }, + { + "id": "poorly_configured_operating_system_security", + "remediation_advice": "Following standards such as the NIST or ASD hardening guide allows you to identify known configuration issues and apply configuration changes to prevent this from being exploited further." + }, + { + "id": "recovery_of_disk_contains_sensitive_material", + "remediation_advice": "Implement robust deletion functions which not only reference to the data, but write over the existing data to prevent digital forensic methods of recovery." + }, + { + "id": "shared_credentials_on_storage", + "remediation_advice": "Credentials for shared services should be avoided where possible, they allow for a single breach to be escalated to effect an entire organisation. When provisioning a service credential, they should be unique per device and strict scoped to the resources required to operate, to reduce the impact of an exposure of those credentials" + }, + { + "id": "weakness_in_firmware_updates", + "children": [ + { + "id": "firmware_cannot_be_updated", + "remediation_advice": "Implement the ability for the firmware to be upgraded on a device, including an automatic update policy, which will allow for the patch of future security issues on the device." + }, + { + "id": "firmware_does_not_validate_update_integrity", + "remediation_advice": "Implementation of firmware integrity checking using cryptographic signitures of a certificate is considered best practice, allowing the integrity of the firmware updates to be validated by the device prior to patching." + }, + { + "id": "firmware_is_not_encrypted", + "remediation_advice": "Implementation of encryption for firmware updates allows for the update data to be protected during transit, and increases the time taken to reverse engineer the firmware used, and future security patches." + } + ] + } ] }, { diff --git a/third-party-mappings/remediation_training/secure-code-warrior-links.json b/third-party-mappings/remediation_training/secure-code-warrior-links.json index 4015a883..35198535 100755 --- a/third-party-mappings/remediation_training/secure-code-warrior-links.json +++ b/third-party-mappings/remediation_training/secure-code-warrior-links.json @@ -288,11 +288,32 @@ "insecure_data_transport.executable_download": null, "insecure_data_transport.executable_download.no_secure_integrity_check": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_transport:executable_download:no_secure_integrity_check&redirect=true", "insecure_data_transport.executable_download.secure_integrity_check": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_transport:executable_download:secure_integrity_check&redirect=true", + "physical_security_issues": null, + "physical_security_issues.bypass_of_physical_access_control": null, + "physical_security_issues.weakness_in_physical_access_control": null, + "physical_security_issues.weakness_in_physical_access_control.cloneable_key": null, + "physical_security_issues.weakness_in_physical_access_control.master_key_identification": null, + "physical_security_issues.weakness_in_physical_access_control.commonly_keyed_system": null, "insecure_os_firmware": null, "insecure_os_firmware.command_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:command_injection&redirect=true", "insecure_os_firmware.hardcoded_password": null, "insecure_os_firmware.hardcoded_password.privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:privileged_user&redirect=true", "insecure_os_firmware.hardcoded_password.non_privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:non_privileged_user&redirect=true", + "insecure_os_firmware.weakness_in_firmware_updates": null, + "insecure_os_firmware.weakness_in_firmware_updates.firmware_cannot_be_updated": null, + "insecure_os_firmware.weakness_in_firmware_updates.firmware_does_not_validate_update_integrity": null, + "insecure_os_firmware.weakness_in_firmware_updates.firmware_is_not_encrypted": null, + "insecure_os_firmware.kiosk_escape_or_breakout": null, + "insecure_os_firmware.poorly_configured_disk_encryption": null, + "insecure_os_firmware.shared_credentials_on_storage": null, + "insecure_os_firmware.over_permissioned_credentials_on_storage": null, + "insecure_os_firmware.local_administrator_on_default_environment": null, + "insecure_os_firmware.poorly_configured_operating_system_security": null, + "insecure_os_firmware.recovery_of_disk_contains_sensitive_material": null, + "insecure_os_firmware.failure_to_remove_sensitive_artifacts_from_disk": null, + "insecure_os_firmware.data_not_encrypted_at_rest": null, + "insecure_os_firmware.data_not_encrypted_at_rest.sensitive": null, + "insecure_os_firmware.data_not_encrypted_at_rest.non_sensitive": null, "cryptographic_weakness": null, "cryptographic_weakness.insufficient_entropy": null, "cryptographic_weakness.insufficient_entropy.limited_rng_entropy_source": null, @@ -397,4 +418,4 @@ "ai_application_security.llm_security.training_data_poisoning": null, "ai_application_security.llm_security.excessive_agency_permission_manipulation": null, "indicators_of_compromise": null -} +} \ No newline at end of file diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json index a835e6e5..87dbc846 100644 --- a/vulnerability-rating-taxonomy.json +++ b/vulnerability-rating-taxonomy.json @@ -1806,6 +1806,44 @@ } ] }, + { + "id": "physical_security_issues", + "name": "Physical Security Issues", + "type": "category", + "children": [ + { + "id": "bypass_of_physical_access_control", + "name": "Bypass of physical access control", + "type": "subcategory", + "priority": null + }, + { + "id": "weakness_in_physical_access_control", + "name": "Weakness in physical access control", + "type": "subcategory", + "children": [ + { + "id": "cloneable_key", + "name": "Cloneable Key", + "type": "variant", + "priority": null + }, + { + "id": "master_key_identification", + "name": "Master Key Identification", + "type": "variant", + "priority": null + }, + { + "id": "commonly_keyed_system", + "name": "Commonly Keyed System", + "type": "variant", + "priority": 2 + } + ] + } + ] +}, { "id": "insecure_os_firmware", "name": "Insecure OS/Firmware", @@ -1835,7 +1873,99 @@ "priority": 2 } ] - } + }, + { + "id": "weakness_in_firmware_updates", + "name": "Weakness in Firmware Updates", + "type": "subcategory", + "children": [ + { + "id": "firmware_cannot_be_updated", + "name": "Firmware cannot be updated", + "type": "variant", + "priority": null + }, + { + "id": "firmware_does_not_validate_update_integrity", + "name": "Firmware does not validate update integrity", + "type": "variant", + "priority": 3 + }, + { + "id": "firmware_is_not_encrypted", + "name": "Firmware is not encrypted", + "type": "variant", + "priority": 5 + } + ] + }, + { + "id": "kiosk_escape_or_breakout", + "name": "Kiosk Escape or Breakout", + "type": "subcategory", + "priority": null + }, + { + "id": "poorly_configured_disk_encryption", + "name": "Poorly Configured Disk Encryption", + "type": "subcategory", + "priority": null + }, + { + "id": "shared_credentials_on_storage", + "name": "Shared Credentials on Storage", + "type": "subcategory", + "priority": 3 + }, + { + "id": "over_permissioned_credentials_on_storage", + "name": "Over-Permissioned Credentials on Storage", + "type": "subcategory", + "priority": 2 + }, + { + "id": "local_administrator_on_default_environment", + "name": "Local Administrator on default environment", + "type": "subcategory", + "priority": 2 + }, + { + "id": "poorly_configured_operating_system_security", + "name": "Poorly Configured Operating System Security", + "type": "subcategory", + "priority": null + }, + { + "id": "recovery_of_disk_contains_sensitive_material", + "name": "Recovery of Disk Contains Sensitive Material", + "type": "subcategory", + "priority": null + }, + { + "id": "failure_to_remove_sensitive_artifacts_from_disk", + "name": "Failure to Remove Sensitive Artifacts from Disk", + "type": "subcategory", + "priority": null + }, + { + "id": "data_not_encrypted_at_rest", + "name": "Data not encrypted at rest", + "type": "subcategory", + "children": [ + { + "id": "sensitive", + "name": "Sensitive", + "type": "variant", + "priority": null + }, + { + "id": "non_sensitive", + "name": "Non sensitive", + "type": "variant", + "priority": 5 + } + ] + } ] }, {