Description
Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or the product.
Potential Impact
- Scope: Confidentiality, Integrity, Availability
- Impact: Execute Unauthorized Code or Commands
Mitigations & Prevention
Antivirus software scans for viruses or worms.
Always verify the integrity of the software that is being installed.
Related Weaknesses
Taxonomy Mappings
- Landwehr: Replicating (virus)
Frequently Asked Questions
What is CWE-509?
CWE-509 (Replicating Malicious Code (Virus or Worm)) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or the product.
How can CWE-509 be exploited?
Attackers can exploit CWE-509 (Replicating Malicious Code (Virus or Worm)) to execute unauthorized code or commands. This weakness is typically introduced during the Implementation and Operation phases of software development.
How do I prevent CWE-509?
Key mitigations include antivirus software that scans for viruses or worms, and always verifying the integrity of the software that is being installed.
What is the severity of CWE-509?
CWE-509 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.