CCE-95600-3Platform: cpe:/o:debian:debian_linux:11.x, cpe:/o:ubuntu:ubuntu_linux:16.04, cpe:/o:ubuntu:ubuntu_linux:18.04, cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04, cpe:/o:ubuntu:ubuntu_linux:23.04 | Date: (C)2021-03-08 (M)2023-09-01 |
USB storage provides a means to transfer and store files insuring persistence and availability of the files independent of network connection status. Its popularity and utility has led to USB-based malware being a simple and common means for network infiltration and a first step to establishing a persistent threat within a networked environment.
Options Explained:
disable - would disable the module.
disable with error logged - would disable the module and log whenever module is inserted.
enable - would enable the module.
Rationale:
Restricting USB access on the system will decrease the physical attack surface for a device and diminish the possible vectors to introduce malware.
Fix:
Edit or create a file in the /etc/modprobe.d/ directory ending in .conf. Add the following to the file install usb-storage /bin/true
Parameter:
[disable/disable with error logged/enable]
Technical Mechanism:
Edit or create a file in the /etc/modprobe.d/ directory ending in .conf. Add the following to the file install usb-storage /bin/true
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.2 | Attack Vector: PHYSICAL |
Exploit Score: 0.9 | Attack Complexity: LOW |
Impact Score: 4.2 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:87336 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:92319 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68653 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:70646 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:70735 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:85179 |