T1548 Abuse Elevation Control Mechanism Mappings

Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1548 Abuse Elevation Control Mechanism
AC-2 Account Management Protects T1548 Abuse Elevation Control Mechanism
AC-3 Access Enforcement Protects T1548 Abuse Elevation Control Mechanism
AC-5 Separation of Duties Protects T1548 Abuse Elevation Control Mechanism
AC-6 Least Privilege Protects T1548 Abuse Elevation Control Mechanism
CA-7 Continuous Monitoring Protects T1548 Abuse Elevation Control Mechanism
CA-8 Penetration Testing Protects T1548 Abuse Elevation Control Mechanism
CM-2 Baseline Configuration Protects T1548 Abuse Elevation Control Mechanism
CM-5 Access Restrictions for Change Protects T1548 Abuse Elevation Control Mechanism
CM-6 Configuration Settings Protects T1548 Abuse Elevation Control Mechanism
CM-7 Least Functionality Protects T1548 Abuse Elevation Control Mechanism
CM-8 System Component Inventory Protects T1548 Abuse Elevation Control Mechanism
IA-2 Identification and Authentication (organizational Users) Protects T1548 Abuse Elevation Control Mechanism
RA-5 Vulnerability Monitoring and Scanning Protects T1548 Abuse Elevation Control Mechanism
SC-18 Mobile Code Protects T1548 Abuse Elevation Control Mechanism
SC-34 Non-modifiable Executable Programs Protects T1548 Abuse Elevation Control Mechanism
SI-12 Information Management and Retention Protects T1548 Abuse Elevation Control Mechanism
SI-16 Memory Protection Protects T1548 Abuse Elevation Control Mechanism
SI-3 Malicious Code Protection Protects T1548 Abuse Elevation Control Mechanism
SI-4 System Monitoring Protects T1548 Abuse Elevation Control Mechanism
SI-7 Software, Firmware, and Information Integrity Protects T1548 Abuse Elevation Control Mechanism
CVE-2019-1812 Cisco NX-OS Software secondary_impact T1548 Abuse Elevation Control Mechanism
CVE-2019-3717 Dell Client Commercial and Consumer platforms primary_impact T1548 Abuse Elevation Control Mechanism
CVE-2015-8562 n/a uncategorized T1548 Abuse Elevation Control Mechanism
CVE-2015-1539 n/a uncategorized T1548 Abuse Elevation Control Mechanism
CVE-2010-3765 n/a uncategorized T1548 Abuse Elevation Control Mechanism
CVE-2013-7246 n/a uncategorized T1548 Abuse Elevation Control Mechanism
CVE-2017-14486 n/a uncategorized T1548 Abuse Elevation Control Mechanism
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1548 Abuse Elevation Control Mechanism
amazon_inspector Amazon Inspector technique_scores T1548 Abuse Elevation Control Mechanism

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1548.002 Bypass User Account Control 17
T1548.004 Elevated Execution with Prompt 13
T1548.001 Setuid and Setgid 4
T1548.003 Sudo and Sudo Caching 18