CWE-506: Embedded Malicious Code
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product contains code that appears to be malicious in nature.
扩展描述
Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.
常见后果
影响范围: Confidentiality Integrity Availability
技术影响: Execute Unauthorized Code or Commands
潜在缓解措施
阶段: Testing
描述: Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker.
检测方法
方法: Manual Static Analysis - Binary or Bytecode
有效性: SOAR Partial
方法: Dynamic Analysis with Manual Results Interpretation
有效性: SOAR Partial
方法: Manual Static Analysis - Source Code
有效性: SOAR Partial
方法: Automated Static Analysis
有效性: SOAR Partial
观察示例
参考: CVE-2022-30877
A command history tool was shipped with a code-execution backdoor inserted by a malicious party.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
| Bundling | - |
| Distribution | - |
| Installation | - |
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| Landwehr | - | Malicious | - |
关键信息
CWE ID: CWE-506
抽象级别: Class
结构: Simple
状态: Incomplete