| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2022-39197 | Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is exploited by a remote attacker to execute HTML on the Cobalt Strike team server. To exploit this vulnerability, an attacker would inspect a Cobalt Strike payload and modify the username field within the payload to be malformed. This manipulation enables the attacker to execute arbitrary code by setting a malformed username in the Beacon configuration.
In a documented cybersecurity incident, a Chinese threat actor leveraged a modified version of Cobalt Strike, known as "Cobalt Strike Cat," which included a patch for CVE-2022-39197. This version was used to establish communication channels with victim systems, perform evasive post-exploitation activities, and maintain persistence.
References
|
| CVE-2022-39197 | Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability is exploited by a remote attacker to execute HTML on the Cobalt Strike team server. To exploit this vulnerability, an attacker would inspect a Cobalt Strike payload and modify the username field within the payload to be malformed. This manipulation enables the attacker to execute arbitrary code by setting a malformed username in the Beacon configuration.
In a documented cybersecurity incident, a Chinese threat actor leveraged a modified version of Cobalt Strike, known as "Cobalt Strike Cat," which included a patch for CVE-2022-39197. This version was used to establish communication channels with victim systems, perform evasive post-exploitation activities, and maintain persistence.
References
|