
STIX 2.0 Proposal17: Clarify semantics of different types of Exploit Targets as expressed in the Exploit Target construct (#387)

sbarnum edited this page Dec 23, 2015 · 5 revisions

Issue Summary

There is currently a lack of semantic clarity with regard to Vulnerability, Weakness and Configuration within Exploit Targets. The current semantic intent is that each of these is a separate type of Exploit Target and that a single Exploit Target instance would not include more than one of them.

Proposed

Propose breaking out Vulnerability, Weakness and Configuration into separate IDable types derived from a common Exploit Target type.

Proposed Model

Examples

Example #1: simple vulnerability with a simple related weakness and a simple TTP targeting the vulnerability

JSON Serialization example snippets

    {
        "id": "example:ttp-e5d3e508-553a-4a0d-b2b2-ab578a34edfc",
        "type": "exploit",
        "timestamp": {"value": "2015-12-21T19:59:22.000000+00:00"},
        "title": "Remote Access through TempURL",
        "intended_effect": [
            {
                "timestamp": {
                    "value": "2015-12-21T00:00:00.000000+00:00",
                    "timestamp_precision": "day"
                },
                "value": {
                    "value": "Unauthorized Access",
                    "vocab": "intended-effect-vocab-1.0"
                }
            }
        ]
    }

    {
        "id": "example:et-2d470518-e91d-432f-bd2c-b87c2653a648",
        "type": "vulnerability",
        "timestamp": {"value": "2015-12-21T19:59:11.000000+00:00"},
        "cve_id": "CVE-2014-0006",
        "cvss_score": {
            "overall_score": "4.3",
            "base_score": "4.3",
            "base_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"
        },
        "published_datetime": "2014-01-22T20:55:04.000007-05:00"
    }

    {
        "id": "example:et-2221091c-ab94-4089-a91b-82e6daae8bc4",
        "type": "weakness",
        "timestamp": {"value": "2015-12-21T19:59:31.000000+00:00"},
        "cwe_id": "CWE-200"
    }

    {
        "id": "example:rel-d77aa1de-0787-42c7-8fbb-78569984980b",
        "type": "related-weakness",
        "timestamp": {"value": "2015-12-21T19:59:47.000000+00:00"},
        "relationship_nature": {"value": "Related Weakness"},
        "from": "example:et-2d470518-e91d-432f-bd2c-b87c2653a648",
        "to": "example:et-2221091c-ab94-4089-a91b-82e6daae8bc4"
    }
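
The following Python check is an added example, not part of the original proposal or any STIX tooling. It shows how a consumer could enforce the "one kind per Exploit Target" intent over objects shaped like the snippets above. Assumptions: the type-specific field sets are only those visible in Example #1, `configuration` has no fields shown on this page, the `related-weakness` direction (vulnerability to weakness) is inferred from the example, and the sample ids are constructed.

```python
# Type-specific fields as they appear in Example #1 (assumption: the list is
# not exhaustive; "configuration" fields are not shown on the page).
TYPE_FIELDS = {
    "vulnerability": {"cve_id", "cvss_score", "published_datetime"},
    "weakness": {"cwe_id"},
    "configuration": set(),
}

def check_bundle(objects):
    """Return a list of problems found in a list of parsed JSON objects."""
    problems = []
    by_id = {}
    for obj in objects:
        if obj["id"] in by_id:
            problems.append(f"duplicate id {obj['id']}")
        by_id[obj["id"]] = obj
    for obj in objects:
        otype = obj.get("type")
        if otype in TYPE_FIELDS:
            # One exploit target kind per object: no fields owned by a sibling type.
            for other, fields in TYPE_FIELDS.items():
                stray = sorted(fields & set(obj)) if other != otype else []
                if stray:
                    problems.append(f"{obj['id']}: {otype} carries {other} fields {stray}")
        elif otype == "related-weakness":
            # Assumed direction, as in Example #1: vulnerability -> weakness.
            for end, want in (("from", "vulnerability"), ("to", "weakness")):
                target = by_id.get(obj.get(end))
                if target is None:
                    problems.append(f"{obj['id']}: '{end}' does not resolve")
                elif target.get("type") != want:
                    problems.append(f"{obj['id']}: '{end}' is {target.get('type')}, expected {want}")
    return problems

# Constructed sample input modelled on Example #1 (ids shortened).
GOOD = [
    {"id": "example:et-1", "type": "vulnerability", "cve_id": "CVE-2014-0006"},
    {"id": "example:et-2", "type": "weakness", "cwe_id": "CWE-200"},
    {"id": "example:rel-1", "type": "related-weakness",
     "from": "example:et-1", "to": "example:et-2"},
]
# Constructed bad input: mixed-kind object, reversed and dangling relationship ends.
BAD = [
    {"id": "example:et-1", "type": "vulnerability", "cve_id": "CVE-2014-0006", "cwe_id": "CWE-200"},
    {"id": "example:et-2", "type": "weakness", "cwe_id": "CWE-200"},
    {"id": "example:rel-1", "type": "related-weakness",
     "from": "example:et-2", "to": "example:et-3"},
]

if __name__ == "__main__":
    print(check_bundle(GOOD), *check_bundle(BAD), sep="\n")
```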

JSON Schema Serialization snippets

Open Questions
