T1190 Exploit Public-Facing Application Mappings

Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability. These applications are often websites, but can include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other applications with Internet-accessible open sockets, such as web servers and related services.(Citation: NVD CVE-2016-6662)(Citation: CIS Multiple SMB Vulnerabilities)(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)(Citation: NVD CVE-2014-7169) Depending on the flaw being exploited, this may include Exploitation for Defense Evasion.

If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs, exploit container host access via Escape to Host, or take advantage of weak identity and access management policies.

For websites and databases, the OWASP Top 10 and CWE Top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)


Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-2 | Account Management | Protects | T1190 | Exploit Public-Facing Application |
| AC-3 | Access Enforcement | Protects | T1190 | Exploit Public-Facing Application |
| AC-4 | Information Flow Enforcement | Protects | T1190 | Exploit Public-Facing Application |
| AC-5 | Separation of Duties | Protects | T1190 | Exploit Public-Facing Application |
| AC-6 | Least Privilege | Protects | T1190 | Exploit Public-Facing Application |
| CA-2 | Control Assessments | Protects | T1190 | Exploit Public-Facing Application |
| CA-7 | Continuous Monitoring | Protects | T1190 | Exploit Public-Facing Application |
| CM-5 | Access Restrictions for Change | Protects | T1190 | Exploit Public-Facing Application |
| CM-6 | Configuration Settings | Protects | T1190 | Exploit Public-Facing Application |
| CM-7 | Least Functionality | Protects | T1190 | Exploit Public-Facing Application |
| CM-8 | System Component Inventory | Protects | T1190 | Exploit Public-Facing Application |
| IA-2 | Identification and Authentication (organizational Users) | Protects | T1190 | Exploit Public-Facing Application |
| IA-8 | Identification and Authentication (non-organizational Users) | Protects | T1190 | Exploit Public-Facing Application |
| RA-10 | Threat Hunting | Protects | T1190 | Exploit Public-Facing Application |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1190 | Exploit Public-Facing Application |
| SA-8 | Security and Privacy Engineering Principles | Protects | T1190 | Exploit Public-Facing Application |
| SC-18 | Mobile Code | Protects | T1190 | Exploit Public-Facing Application |
| SC-2 | Separation of System and User Functionality | Protects | T1190 | Exploit Public-Facing Application |
| SC-29 | Heterogeneity | Protects | T1190 | Exploit Public-Facing Application |
| SC-3 | Security Function Isolation | Protects | T1190 | Exploit Public-Facing Application |
| SC-30 | Concealment and Misdirection | Protects | T1190 | Exploit Public-Facing Application |
| SC-39 | Process Isolation | Protects | T1190 | Exploit Public-Facing Application |
| SC-46 | Cross Domain Policy Enforcement | Protects | T1190 | Exploit Public-Facing Application |
| SC-7 | Boundary Protection | Protects | T1190 | Exploit Public-Facing Application |
| SI-10 | Information Input Validation | Protects | T1190 | Exploit Public-Facing Application |
| SI-2 | Flaw Remediation | Protects | T1190 | Exploit Public-Facing Application |
| SI-3 | Malicious Code Protection | Protects | T1190 | Exploit Public-Facing Application |
| SI-4 | System Monitoring | Protects | T1190 | Exploit Public-Facing Application |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1190 | Exploit Public-Facing Application |
| action.hacking.variety.Exploit misconfig | Exploit a misconfiguration (vs vuln or weakness) | related-to | T1190 | Exploit Public-Facing Application |
| action.hacking.variety.SQLi | SQL injection. Child of 'Exploit vuln'. | related-to | T1190 | Exploit Public-Facing Application |