208 Security controls bypass or absence - Antivirus


Description

It is possible to modify the files that control antivirus and DLP, so that their protection settings against various attacks are disabled.


Impact

- Disable antivirus and DLP policies.
- Access and modify system information and configurations.


Recommendation

Implement mechanisms that prevent modification of antivirus and DLP configurations.


Threat

Unauthorized internal attacker.


Expected Remediation Time

120 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: P
  • Attack complexity: L
  • Attack Requirements: N
  • Privileges required: N
  • User interaction: N
  • Confidentiality (VC): N
  • Integrity (VI): H
  • Availability (VA): H
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: X

Requirements


Fixes


Last updated

2024/02/16