Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2019-5591 | Fortinet FortiOS Default Configuration Vulnerability | secondary_impact | T1005 | Data from Local System | CVE-2019-5591 is a default configuration vulnerability in Fortinet's FortiOS, specifically affecting the FortiGate SSL VPN. This vulnerability allows an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating a Lightweight Directory Access Protocol (LDAP) server. |
CVE-2019-5591 | Fortinet FortiOS Default Configuration Vulnerability | primary_impact | T1557 | Adversary-in-the-Middle | CVE-2019-5591 is a default configuration vulnerability in Fortinet's FortiOS, specifically affecting the FortiGate SSL VPN. This vulnerability allows an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating a Lightweight Directory Access Protocol (LDAP) server. |
CVE-2019-5591 | Fortinet FortiOS Default Configuration Vulnerability | exploitation_technique | T1133 | External Remote Services | CVE-2019-5591 is a default configuration vulnerability in Fortinet's FortiOS, specifically affecting the FortiGate SSL VPN. This vulnerability allows an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating a Lightweight Directory Access Protocol (LDAP) server. |
CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | secondary_impact | T1068 | Exploitation for Privilege Escalation | This vulnerability is exploited by an adversary who has gained access to a valid account on the vCenter Server. The adversary can gain access to unencrypted Postgres credentials on the server, which grants the adversary access to the vCenter's internal database where the vpxuser account passphrase is stored. Adversaries can leverage this information to decrypt the vpxuser password, which will grant them root privileges. |
CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | primary_impact | T1212 | Exploitation for Credential Access | This vulnerability is exploited by an adversary who has gained access to a valid account on the vCenter Server. The adversary can gain access to unencrypted Postgres credentials on the server, which grants the adversary access to the vCenter's internal database where the vpxuser account passphrase is stored. Adversaries can leverage this information to decrypt the vpxuser password, which will grant them root privileges. |
CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | exploitation_technique | T1078 | Valid Accounts | This vulnerability is exploited by an adversary who has gained access to a valid account on the vCenter Server. The adversary can gain access to unencrypted Postgres credentials on the server, which grants the adversary access to the vCenter's internal database where the vpxuser account passphrase is stored. Adversaries can leverage this information to decrypt the vpxuser password, which will grant them root privileges. |

Capability ID | Capability Name | Number of Mappings |
---|---|---|
CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | 3 |
CVE-2019-5591 | Fortinet FortiOS Default Configuration Vulnerability | 3 |