| Secure deletion and data transfer | SCDL, SDTR |
@@ -1663,31 +1663,180 @@ Optional:
The approach to listing threats is to separate them by attack vector so that they may be associated with risk factors more directly.
### C.2.3 List of threats
For the purposes of the list of threats, the product includes:
* the physical network interface (if any)
* the device driver (if any)
* the virtual network interface (if any)
**[TH-NADF]:** Attacker may use network access to get unauthorized access to the functions of or data stored on the product.
The risk factors by type are:
Likelihood: LOC NET COM ADM LIS
Impact: SYS SDS SDT FUN INT DOS
For each threat, a table shows how to use the risk factors to calculate the level of likelihood or impact. The levels are Low, Medium, or High.
### C.2.3 List of threats
**[TH-KEVU]:** Attacker may use known exploitable vulnerabilities in the network interface implementation to get unauthorized access to product assets.
| (LOC > 1 or NET > 1) & COM > 1 & ADM = 1 | High |
| (LOC = 1 or NET = 1) & COM > 1 & ADM = 1 | Medium |
| (LOC < 1 & NET < 1) or COM = 0 or ADM = 0 | Low |
| Risk factors | Impact |
|----------------------------------|--------|
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium |
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low |
Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG
**[TH-UEVU]:** Attacker may use unknown exploitable vulnerabilities in the network interface implementation to get unauthorized access to product assets.
| Risk factors | Likelihood |
|--------------------------------|------------|
| (LOC > 1 or NET > 1) & COM > 1 | High |
| (LOC = 1 or NET = 1) & COM > 1 | Medium |
| (LOC < 1 & NET < 1) or COM = 0 | Low |
| Risk factors | Impact |
|----------------------------------|--------|
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium |
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low |
Requirements: SSDD, MSAF, DMIN, LMAS, LOGG
**[TH-PHYS]:** Attacker may get unauthorized access to confidential data stored on the product through acquisition of a used product.
| Risk factors | Likelihood |
|--------------|------------|
| ADM = 0 | High |
| ADM = 1 | Medium |
| Risk factors | Impact |
|--------------|--------|
| SDS = 2 | High |
| SDS = 1 | Medium |
| SDS = 0 | Low |
Requirements: SDEL
**[TH-CONF]:** Attacker may use configuration errors to get unauthorized access to the product assets.
**[TH-NADT]:** Attacker may use network access to get unauthorized access to data transmitted by the product.
| Risk factors | Likelihood |
|--------------------------------|------------|
| (LOC > 1 or NET > 1) & ADM = 1 | High |
| (LOC = 1 or NET = 1) & ADM = 0 | Medium |
| (LOC < 1 & NET < 1) | Low |
**[TH-NADS]:** Attacker may use network access for a denial-of-service attack on product functions.
| Risk factors | Impact |
|----------------------------------|--------|
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium |
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low |
**[TH-HADF]:** Attacker may use unprivileged host system access to get unauthorized access to the functions of or data stored on the product.
Requirements: SDEF, DMIN, LOGG
**[TH-HADT]:** Attacker may use unprivileged host system access to get unauthorized access to data transmitted by the product.
**[TH-UADT]:** Attacker may use network access to get unauthorized access to confidential data transmitted by the product.
**[TH-HADS]:** Attacker may use unprivileged host system access for a denial-of-service attack on product functions.
| Risk factors | Likelihood |
|--------------|------------|
| LIS = 2 | High |
| LIS = 1 | Medium |
| LIS = 0 | Low |
| Risk factors | Impact |
|--------------|--------|
| SDT = 2 | High |
| SDT = 1 | Medium |
| SDT = 0 | Low |
Requirements: CDTX, DMIN, LMAS
**[TH-AVAI]:** Attacker may exploit vulnerabilities in the product to reduce availability of product assets.
| Risk factors | Likelihood |
|--------------------------------|------------|
| (LOC > 1 or NET > 1) & COM > 1 | High |
| (LOC = 1 or NET = 1) & COM > 1 | Medium |
| (LOC < 1 & NET < 1) or COM = 0 | Low |
| Risk factors | Impact |
|------------------------|--------|
| max(SDS, SDT, FUN) = 2 | High |
| max(SDS, SDT, FUN) = 1 | Medium |
| max(SDS, SDT, FUN) = 0 | Low |
Requirements: AVAI, MSAF, LMAS, LOGG
**[TH-FDOS]:** Attacker may use host system or network access for a denial-of-service attack on product functions.
| Risk factors | Likelihood |
|--------------------------------|------------|
| (LOC > 1 or NET > 1) & COM > 1 | High |
| (LOC = 1 or NET = 1) & COM > 1 | Medium |
| (LOC < 1 & NET < 1) or COM = 0 | Low |
| Risk factors | Impact |
|--------------|--------|
| FUN = 2 | High |
| FUN = 1 | Medium |
| FUN = 0 | Low |
Requirements: AVAI, LMAS, LOGG
**[TH-DDOS]:** Attacker may exploit vulnerabilities in the product to attack other products.
| Risk factors | Likelihood |
|--------------------------------|------------|
| (LOC > 1 or NET > 1) & COM > 1 | High |
| (LOC = 1 or NET = 1) & COM > 1 | Medium |
| (LOC < 1 & NET < 1) or COM = 0 | Low |
| Risk factors | Impact |
|--------------|--------|
| DOS = 2 | High |
| DOS = 1 | Medium |
| DOS = 0 | Low |
Requirements: AVAI, LMAS, LOGG
**[TH-MQSE]:** Attacker may masquerade as an authorized server to get unauthorized access to product assets.
**[TH-HAHH]:** Attacker may use unauthorized access to the product to harm the host system.
| Risk factors | Likelihood |
|---------------------|------------|
| NET > 1 & COM > 1 | High |
| NET = 1 or COM = 1 | Medium |
| NET = 0 and COM = 0 | Low |
| Risk factors | Impact |
|----------------------------------|--------|
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium |
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low |
Requirements: CDTX, IDTX, SCUD, LOGG
**[TH-AHHS]:** Attacker may use unauthorized access to the product to harm the host system.
| Risk factors | Likelihood |
|--------------------------------|------------|
| (LOC > 1 or NET > 1) & COM > 1 | High |
| (LOC = 1 or NET = 1) & COM > 1 | Medium |
| (LOC < 1 & NET < 1) or COM = 0 | Low |
| Risk factors | Impact |
|--------------|--------|
| SYS = 2 | High |
| SYS = 1 | Medium |
| SYS = 0 | Low |
**[TH-HAHN]:** Attacker may use unauthorized access to the product to harm other products on the attached network.
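Review bot: the likelihood tables that use the rows `(LOC > 1 or NET > 1) & COM > 1`, `(LOC = 1 or NET = 1) & COM > 1` and `(LOC < 1 & NET < 1) or COM = 0` are neither exhaustive nor mutually exclusive, so some factor combinations get no level and others get two. With COM = 1 and LOC or NET at 1 or above, no row matches. With LOC = 1, NET = 2 and COM > 1, both the High and the Medium row match. The same kind of gap appears in the table with `NET > 1 & COM > 1` / `NET = 1 or COM = 1` / `NET = 0 and COM = 0` (NET = 2 with COM = 0 matches nothing) and in the table with `(LOC > 1 or NET > 1) & ADM = 1` / `(LOC = 1 or NET = 1) & ADM = 0` (LOC > 1 with ADM = 0 matches nothing). Suggest stating once, next to "For each threat, a table shows how to use the risk factors", that rows are evaluated top to bottom and the first match wins, and making the last row of each table an explicit "otherwise" case, or else rewriting the conditions so every combination maps to exactly one level. The same tables also mix `&` and `and` for conjunction; pick one.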