Requirements that mitigate this threat: NKEV, SSDD, SCUD, NUTI, LOGG, VULH
All mitigations from TH-UEVU apply (using that requirement's risk formula), in addition to:
@@ -841,7 +840,6 @@ Attacker may read sensitive data sent outside the VPN connection by the product.
| DAT = 2 | High | SP-3, SP-4, SP-5 |
| all others | Medium | SP-1, SP-2 |
Requirements that mitigate this threat: ROUT, CONF, DNSL, IPv6, CRYPT
Mitigations for Likelihood:
@@ -874,7 +872,6 @@ Attacker may read sensitive data transmitted without encryption in a single endp
| all others | Medium | SP-2 |
| CON > 0 or max(DAT, FUN) = 0 | Low | SP-1, SP-4, SP-5 |
Requirements that mitigate this threat: EISO, CRYPT, AUTH, ROUT, DNSL
Mitigations for Likelihood:
@@ -907,7 +904,6 @@ Attacker may read sensitive data transmitted without encryption in a VPN which c
| all others | Medium | none |
| CON = 0 or max(DAT, FUN) = 0 | Low | SP-1, SP-2, SP-3 |
Requirements that mitigate this threat: CRYPT, AUTH, ROUT, DNSL
Mitigations for Likelihood:
@@ -939,7 +935,6 @@ Attacker may attempt to authenticate in an unauthorised manner to get access to
| all others | Medium | SP-2 |
| max (DAT, FUN) = 0 | Low | SP-1 |
Requirements that mitigate this threat: AUTH, LOGG
Mitigations for Likelihood:
@@ -970,7 +965,6 @@ Attacker may remove evidence of compromise from the endpoint.
| max(DAT, FUN) = 2 | High | SP-3, SP-4, SP-5 |
| all others | Low | SP-1, SP-2 |
Requirements that mitigate this threat: LOGG
Mitigations for Likelihood:
@@ -1003,7 +997,6 @@ Attacker may use configuration errors to get unauthorised access to product asse
| all others | Medium | SP-2 |
| CON > 0 or max(DAT, FUN) = 0 | Low | SP-1, SP-4, SP-5 |
Requirements that mitigate this threat: CONF, TRAF, IPv6, CDST, LOGG
Mitigations for Likelihood:
@@ -1036,7 +1029,6 @@ Attacker may use configuration errors to get unauthorised access to product asse
| all others | Medium | none |
| CON = 0 or max(DAT, FUN) = 0 | Low | SP-1, SP-2, SP-3 |
Requirements that mitigate this threat: CONF, TRAF, IPv6, CDST, LOGG
Mitigations for Likelihood:
@@ -1067,7 +1059,6 @@ Attacker may use user metadata such as IP addresses and traffic analysis to comp
| PER = 2 | High | SP-3 |
| all others | Medium | SP-1, SP-2, SP-4, SP-5 |
Requirements that mitigate this threat:
Mitigations for Likelihood:
@@ -1100,7 +1091,6 @@ Attacker may use compromise or isolation errors in remote data processing system
| all others | Medium | SP-2, SP-4 |
| DAT = 0 & FUN = 0 | Low | SP-1 |
Requirements that mitigate this threat: TODO
Mitigations for Likelihood:
@@ -1133,7 +1123,6 @@ Attacker may get unauthorised access to confidential data stored on the product
| all others | Medium | SP-2, |
| DAT = 0 | Low | SP-1 |
Requirements that mitigate this threat: AUTH, CDST, SCDL, SDRF
Mitigations for Likelihood:
@@ -1164,7 +1153,6 @@ Attacker may get unauthorised access to personally identifiable information stor
| PER = 2 | High | SP-3 |
| all others | Medium | SP-1, SP-2, SP-4, SP-5 |
Requirements that mitigate this threat: AUTH, DMIN, CRYPT, AUTH, ROUT, DNSL, CDST, SCDL, SDRF, LOGG
All mitigations from TH-UEAC, TH-MITM, TH-LEAK, TH-PLNS, TH-PLNM, TH-UNAA, TH-CONF, TH-META, TH-RCOM, TH-USED apply (using those requirement's risk formula), in addition to:
