VYPR

CWE-494

Download of Code Without Integrity Check

Base · Draft · Likelihood: Medium

Description

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-184 · CAPEC-185 · CAPEC-186 · CAPEC-187 · CAPEC-533 · CAPEC-538 · CAPEC-657 · CAPEC-662 · CAPEC-691 · CAPEC-692 · CAPEC-693 · CAPEC-695

CVEs mapped to this weakness (62)

  • CVE-2019-10240 · Apr 3, 2019
    risk 0.00 · cvss · epss 0.00

    Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence, produced build artifacts of hawkBit might be infected.

  • CVE-2014-2378 · Sep 5, 2014
    risk 0.00 · cvss · epss 0.01

    Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.