1. Home
  2. ATT&CK Techniques
  3. T1557 Man-in-the-Middle

T1557 Man-in-the-Middle Mappings

Adversaries may attempt to position themselves between two or more networked devices using a man-in-the-middle (MiTM) technique to support follow-on behaviors such as Network Sniffing or Transmitted Data Manipulation. By abusing features of common networking protocols that can determine the flow of network traffic (e.g. ARP, DNS, LLMNR, etc.), adversaries may force a device to communicate through an adversary controlled system so they can collect information or perform additional actions.(Citation: Rapid7 MiTM Basics)

Adversaries may leverage the MiTM position to attempt to modify traffic, such as in Transmitted Data Manipulation. Adversaries can also stop traffic from flowing to the appropriate destination, causing denial of service.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1557 Man-in-the-Middle
AC-17 Remote Access Protects T1557 Man-in-the-Middle
AC-18 Wireless Access Protects T1557 Man-in-the-Middle
AC-19 Access Control for Mobile Devices Protects T1557 Man-in-the-Middle
AC-20 Use of External Systems Protects T1557 Man-in-the-Middle
AC-3 Access Enforcement Protects T1557 Man-in-the-Middle
AC-4 Information Flow Enforcement Protects T1557 Man-in-the-Middle
CA-7 Continuous Monitoring Protects T1557 Man-in-the-Middle
CM-2 Baseline Configuration Protects T1557 Man-in-the-Middle
CM-6 Configuration Settings Protects T1557 Man-in-the-Middle
CM-7 Least Functionality Protects T1557 Man-in-the-Middle
CM-8 System Component Inventory Protects T1557 Man-in-the-Middle
RA-5 Vulnerability Monitoring and Scanning Protects T1557 Man-in-the-Middle
SC-23 Session Authenticity Protects T1557 Man-in-the-Middle
SC-4 Information in Shared System Resources Protects T1557 Man-in-the-Middle
SC-46 Cross Domain Policy Enforcement Protects T1557 Man-in-the-Middle
SC-7 Boundary Protection Protects T1557 Man-in-the-Middle
SC-8 Transmission Confidentiality and Integrity Protects T1557 Man-in-the-Middle
SI-10 Information Input Validation Protects T1557 Man-in-the-Middle
SI-12 Information Management and Retention Protects T1557 Man-in-the-Middle
SI-15 Information Output Filtering Protects T1557 Man-in-the-Middle
SI-3 Malicious Code Protection Protects T1557 Man-in-the-Middle
SI-4 System Monitoring Protects T1557 Man-in-the-Middle
SI-7 Software, Firmware, and Information Integrity Protects T1557 Man-in-the-Middle
CVE-2019-1860 Cisco Unified Intelligence Center primary_impact T1557 Man-in-the-Middle
CVE-2019-1941 Cisco Identity Services Engine Software secondary_impact T1557 Man-in-the-Middle
CVE-2019-1838 Cisco Application Policy Infrastructure Controller (APIC) secondary_impact T1557 Man-in-the-Middle
CVE-2020-3233 Cisco IOx secondary_impact T1557 Man-in-the-Middle
CVE-2019-15280 Cisco Firepower Management Center secondary_impact T1557 Man-in-the-Middle
CVE-2020-3137 Cisco Email Security Appliance (ESA) secondary_impact T1557 Man-in-the-Middle
CVE-2019-1943 Cisco Small Business 300 Series Managed Switches exploitation_technique T1557 Man-in-the-Middle
CVE-2019-1665 Cisco HyperFlex HX-Series secondary_impact T1557 Man-in-the-Middle
CVE-2019-15994 Cisco Stealthwatch Enterprise secondary_impact T1557 Man-in-the-Middle
CVE-2018-15393 Cisco Content Security Management Appliance (SMA) secondary_impact T1557 Man-in-the-Middle
CVE-2020-3121 Cisco 550X Series Stackable Managed Switches secondary_impact T1557 Man-in-the-Middle
CVE-2019-1715 Cisco Adaptive Security Appliance (ASA) Software primary_impact T1557 Man-in-the-Middle
CVE-2020-3356 Cisco Data Center Network Manager secondary_impact T1557 Man-in-the-Middle
CVE-2020-3349 Cisco Data Center Network Manager secondary_impact T1557 Man-in-the-Middle
CVE-2019-3754 Unity Operating Environment secondary_impact T1557 Man-in-the-Middle
CVE-2020-5336 RSA Archer secondary_impact T1557 Man-in-the-Middle
CVE-2018-15784 Dell Networking OS10 primary_impact T1557 Man-in-the-Middle
CVE-2018-11087 Spring AMQP primary_impact T1557 Man-in-the-Middle
CVE-2020-5269 PrestaShop secondary_impact T1557 Man-in-the-Middle
CVE-2020-11030 WordPress secondary_impact T1557 Man-in-the-Middle
CVE-2020-11023 jQuery secondary_impact T1557 Man-in-the-Middle
CVE-2020-5270 PrestaShop secondary_impact T1557 Man-in-the-Middle
CVE-2020-5264 PrestaShop secondary_impact T1557 Man-in-the-Middle
CVE-2020-11035 GLPI primary_impact T1557 Man-in-the-Middle
CVE-2020-11082 Kaminari secondary_impact T1557 Man-in-the-Middle
CVE-2020-15093 tough primary_impact T1557 Man-in-the-Middle
CVE-2020-5266 ps_linklist secondary_impact T1557 Man-in-the-Middle
CVE-2020-5271 PrestaShop secondary_impact T1557 Man-in-the-Middle
CVE-2019-6538 Medtronic Conexus Radio Frequency Telemetry Protocol primary_impact T1557 Man-in-the-Middle
CVE-2018-10610 LeviStudioU primary_impact T1557 Man-in-the-Middle
CVE-2018-14809 V-Server primary_impact T1557 Man-in-the-Middle
CVE-2012-3015 n/a uncategorized T1557 Man-in-the-Middle
CVE-2014-4077 n/a uncategorized T1557 Man-in-the-Middle
CVE-2018-0622 DHC Online Shop App for Android uncategorized T1557 Man-in-the-Middle
CVE-2015-7931 n/a uncategorized T1557 Man-in-the-Middle
CVE-2014-3566 n/a uncategorized T1557 Man-in-the-Middle
CVE-2018-16179 Mizuho Direct App for Android uncategorized T1557 Man-in-the-Middle
action.hacking.variety.MitM Man-in-the-middle attack. Child of 'Exploit vuln'. related-to T1557 Man-in-the-Middle
action.hacking.variety.Routing detour Routing detour. Child of 'Exploit vuln'. related-to T1557 Man-in-the-Middle
aws_rds AWS RDS technique_scores T1557 Man-in-the-Middle
aws_config AWS Config technique_scores T1557 Man-in-the-Middle
aws_iot_device_defender AWS IoT Device Defender technique_scores T1557 Man-in-the-Middle
amazon_virtual_private_cloud Amazon Virtual Private Cloud technique_scores T1557 Man-in-the-Middle

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1557.002 ARP Cache Poisoning 24
T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay 17