T1542.001 System Firmware Mappings

Adversaries may modify system firmware to persist on systems. The BIOS (Basic Input/Output System) and the Unified Extensible Firmware Interface (UEFI) or Extensible Firmware Interface (EFI) are examples of system firmware that operate as the software interface between the operating system and hardware of a computer. (Citation: Wikipedia BIOS) (Citation: Wikipedia UEFI) (Citation: About UEFI)

System firmware like BIOS and (U)EFI underlie the functionality of a computer and may be modified by an adversary to perform or assist in malicious activity. Capabilities exist to overwrite the system firmware, which may give sophisticated adversaries a means to install malicious firmware updates as a means of persistence on a system that may be difficult to detect.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-2 | Account Management | Protects | T1542.001 | System Firmware |
| AC-3 | Access Enforcement | Protects | T1542.001 | System Firmware |
| AC-5 | Separation of Duties | Protects | T1542.001 | System Firmware |
| AC-6 | Least Privilege | Protects | T1542.001 | System Firmware |
| CA-8 | Penetration Testing | Protects | T1542.001 | System Firmware |
| CM-3 | Configuration Change Control | Protects | T1542.001 | System Firmware |
| CM-5 | Access Restrictions for Change | Protects | T1542.001 | System Firmware |
| CM-6 | Configuration Settings | Protects | T1542.001 | System Firmware |
| CM-8 | System Component Inventory | Protects | T1542.001 | System Firmware |
| IA-2 | Identification and Authentication (organizational Users) | Protects | T1542.001 | System Firmware |
| IA-7 | Cryptographic Module Authentication | Protects | T1542.001 | System Firmware |
| IA-8 | Identification and Authentication (non-organizational Users) | Protects | T1542.001 | System Firmware |
| RA-9 | Criticality Analysis | Protects | T1542.001 | System Firmware |
| SA-10 | Developer Configuration Management | Protects | T1542.001 | System Firmware |
| SA-11 | Developer Testing and Evaluation | Protects | T1542.001 | System Firmware |
| SC-34 | Non-modifiable Executable Programs | Protects | T1542.001 | System Firmware |
| SI-2 | Flaw Remediation | Protects | T1542.001 | System Firmware |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1542.001 | System Firmware |
| CVE-2019-1736 | Cisco Identity Services Engine Software | primary_impact | T1542.001 | System Firmware |
| CVE-2020-5326 | Dell Client Consumer and Commercial Platforms | secondary_impact | T1542.001 | System Firmware |
| CVE-2020-5378 | CPG BIOS | primary_impact | T1542.001 | System Firmware |
| CVE-2020-5376 | CPG BIOS | primary_impact | T1542.001 | System Firmware |
| CVE-2020-5379 | CPG BIOS | primary_impact | T1542.001 | System Firmware |
| CVE-2016-5645 | n/a | uncategorized | T1542.001 | System Firmware |
| CVE-2015-7925 | n/a | uncategorized | T1542.001 | System Firmware |
| action.malware.variety.Rootkit | Rootkit (maintain local privileges and stealth) | related-to | T1542.001 | Pre-OS Boot: System Firmware |