Description
Non-replicating malicious code only resides on the target system or product that is attacked; it does not attempt to spread to other systems.
Potential Impact
Confidentiality, Integrity, Availability
Execute Unauthorized Code or Commands
Mitigations & Prevention
Antivirus software can help mitigate known malicious code.
Verify the integrity of the software that is being installed.
Related Weaknesses
Taxonomy Mappings
- Landwehr: — Non-Replicating
Frequently Asked Questions
What is CWE-508?
CWE-508 (Non-Replicating Malicious Code) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. Non-replicating malicious code only resides on the target system or product that is attacked; it does not attempt to spread to other systems.
How can CWE-508 be exploited?
Attackers can exploit CWE-508 (Non-Replicating Malicious Code) to execute unauthorized code or commands. This weakness is typically introduced during the Distribution, Implementation, Operation phase of software development.
How do I prevent CWE-508?
Key mitigations include: Antivirus software can help mitigate known malicious code.
What is the severity of CWE-508?
CWE-508 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.