T1602.002 Network Device Configuration Dump Mappings

Adversaries may access network configuration files to collect sensitive data about the device and the network. The network configuration is a file containing parameters that determine the operation of the device. The device typically stores an in-memory copy of the configuration while operating, and a separate configuration on non-volatile storage to load after device reset. Adversaries can inspect the configuration files to reveal information about the target network and its layout, the network device and its software, or identifying legitimate accounts and credentials for later use.

Adversaries can use common management tools and protocols, such as Simple Network Management Protocol (SNMP) and Smart Install (SMI), to access network configuration files.(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks) These tools may be used to query specific data from a configuration repository or configure the device to export the configuration for later analysis.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1602.002 Network Device Configuration Dump
AC-17 Remote Access Protects T1602.002 Network Device Configuration Dump
AC-18 Wireless Access Protects T1602.002 Network Device Configuration Dump
AC-19 Access Control for Mobile Devices Protects T1602.002 Network Device Configuration Dump
AC-20 Use of External Systems Protects T1602.002 Network Device Configuration Dump
AC-3 Access Enforcement Protects T1602.002 Network Device Configuration Dump
AC-4 Information Flow Enforcement Protects T1602.002 Network Device Configuration Dump
CA-7 Continuous Monitoring Protects T1602.002 Network Device Configuration Dump
CM-2 Baseline Configuration Protects T1602.002 Network Device Configuration Dump
CM-6 Configuration Settings Protects T1602.002 Network Device Configuration Dump
CM-7 Least Functionality Protects T1602.002 Network Device Configuration Dump
CM-8 System Component Inventory Protects T1602.002 Network Device Configuration Dump
IA-3 Device Identification and Authentication Protects T1602.002 Network Device Configuration Dump
IA-4 Identifier Management Protects T1602.002 Network Device Configuration Dump
SC-28 Protection of Information at Rest Protects T1602.002 Network Device Configuration Dump
SC-3 Security Function Isolation Protects T1602.002 Network Device Configuration Dump
SC-4 Information in Shared System Resources Protects T1602.002 Network Device Configuration Dump
SC-7 Boundary Protection Protects T1602.002 Network Device Configuration Dump
SC-8 Transmission Confidentiality and Integrity Protects T1602.002 Network Device Configuration Dump
SI-10 Information Input Validation Protects T1602.002 Network Device Configuration Dump
SI-12 Information Management and Retention Protects T1602.002 Network Device Configuration Dump
SI-15 Information Output Filtering Protects T1602.002 Network Device Configuration Dump
SI-3 Malicious Code Protection Protects T1602.002 Network Device Configuration Dump
SI-4 System Monitoring Protects T1602.002 Network Device Configuration Dump
SI-7 Software, Firmware, and Information Integrity Protects T1602.002 Network Device Configuration Dump
action.hacking.variety.Scan network Enumerating the state of the network related-to T1602.002 Data from Configuration Repository: Network Device Configuration Dump
attribute.confidentiality.data_disclosure related-to T1602.002 Data from Configuration Repository: Network Device Configuration Dump