Commit ecf3388f authored by Valerie Aurora (Bow Shock)

Remove attack host threat and replace with data leak threat

parent fd2667c4
+5 −16
@@ -2232,33 +2232,22 @@ Mitigations for Impact:

* High to Low: LOGG

#### C.4.3.9 TH-AHHS: Harm to host system via unauthorized access through the network
#### C.4.3.9 TH-LEAK: Data leak through side channels

Attacker may use unauthorized access to the product through the network to harm the host system.

_Note: If the attacker has physical or host system software access, they don't need to use the network device to harm the system._
Attacker may use the ability to run arbitrary software on the product to get unauthorized read access to confidential data.

| Risk factors                  | Likelihood | Security profiles |
|-------------------------------|------------|-------------------|
| NET = 0 or COM = 0 or ADM = 0 | Low        | WD-1, VI-1        |
| all others                    | Medium     | WD-4              |
| NET = 2 & COM = 2 & ADM = 2   | High       | WL-2, WL-3, VI-2  |

| Risk factors | Impact | Security profiles             |
|--------------|--------|-------------------------------|
| SYS = 0      | Low    | none                          |
| SYS = 1      | Medium | WD-1, WD-3, WL-1, VI-1        |
| SYS = 2      | High   | WD-2, WD-4, WL-2, WL-3,  VI-2 |

Requirements that mitigate this threat: NKEV, SSDD, LMII, SCUD, AUTH, LMAS, LOGG

All mitigations from TH-KEVU apply (using that requirement's risk formula), plus:
Requirements that mitigate this threat:

Mitigations for Likelihood:

* Medium to Low: AUTH
* Medium to Low:

* High to Low: AUTH
* High to Low:

## C.5 Mapping of use cases to risk factors
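Review bot: The new TH-LEAK section is left without any mapped mitigations: "Requirements that mitigate this threat:" has nothing after the colon, and the "Medium to Low:" and "High to Low:" bullets under "Mitigations for Likelihood" name no requirement, whereas the TH-AHHS text they replace listed NKEV, SSDD, LMII, SCUD, AUTH, LMAS, LOGG and AUTH for both transitions. Either fill these in or mark them explicitly as to be determined, so a reader does not take the empty lists to mean that no requirement reduces this threat. Two further points in the same section: the heading says "Data leak through side channels" but the description only speaks of running arbitrary software to get unauthorized read access to confidential data and never mentions side channels, so the two should be aligned; and with the SYS-based impact table gone, it is worth checking that the remaining likelihood table keyed on NET, COM and ADM is still the intended risk formula for a threat that presupposes code execution on the product, and whether an impact rating for confidential data needs to be added.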