T1190 Exploit Public-Facing Application Mappings

Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability. These applications are often websites, but can include databases (like SQL)(Citation: NVD CVE-2016-6662), standard services (like SMB(Citation: CIS Multiple SMB Vulnerabilities) or SSH), network device administration and management protocols (like SNMP and Smart Install(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)), and any other applications with Internet accessible open sockets, such as web servers and related services.(Citation: NVD CVE-2014-7169) Depending on the flaw being exploited this may include Exploitation for Defense Evasion.

If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs, exploit container host access via Escape to Host, or take advantage of weak identity and access management policies.

For websites and databases, the OWASP top 10 and CWE top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
identity_aware_proxy Identity Aware Proxy technique_scores T1190 Exploit Public-Facing Application
artifact_registry Artifact Registry technique_scores T1190 Exploit Public-Facing Application
cloud_ids Cloud IDS technique_scores T1190 Exploit Public-Facing Application
cloud_armor Cloud Armor technique_scores T1190 Exploit Public-Facing Application
chronicle Chronicle technique_scores T1190 Exploit Public-Facing Application
security_command_center Security Command Center technique_scores T1190 Exploit Public-Facing Application
virtual_private_cloud Virtual Private Cloud technique_scores T1190 Exploit Public-Facing Application
vmmanager VMManager technique_scores T1190 Exploit Public-Facing Application