Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Comments: CVE-2020-0787 is a privilege elevation vulnerability in the Windows Background Intelligent Transfer Service (BITS). An actor can exploit this vulnerability, which arises when BITS improperly handles symbolic links, to execute arbitrary code with system-level privileges. |
CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation | Comments: CVE-2020-0787 is a privilege elevation vulnerability in the Windows Background Intelligent Transfer Service (BITS). An actor can exploit this vulnerability, which arises when BITS improperly handles symbolic links, to execute arbitrary code with system-level privileges. |
CVE-2024-26169 | Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Comments: This vulnerability is a zero-day exploit that "manipulates the Windows file werkernel.sys, which uses a null security descriptor when creating registry keys. Attackers create a registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe and set the "Debugger" value to the exploit's executable pathname. This allows the exploit to start a shell with administrative privileges." This vulnerability has been exploited by the Black Basta ransomware group. |
CVE-2024-26169 | Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability | exploitation_technique | T1112 | Modify Registry | Comments: This vulnerability is a zero-day exploit that "manipulates the Windows file werkernel.sys, which uses a null security descriptor when creating registry keys. Attackers create a registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe and set the "Debugger" value to the exploit's executable pathname. This allows the exploit to start a shell with administrative privileges." This vulnerability has been exploited by the Black Basta ransomware group. |
CVE-2024-26169 | Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution | Comments: This vulnerability is a zero-day exploit that "manipulates the Windows file werkernel.sys, which uses a null security descriptor when creating registry keys. Attackers create a registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe and set the "Debugger" value to the exploit's executable pathname. This allows the exploit to start a shell with administrative privileges." This vulnerability has been exploited by the Black Basta ransomware group. |
CVE-2023-20269 | Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability | primary_impact | T1078 | Valid Accounts | Comments: This vulnerability is exploited by an unauthenticated, remote attacker by specifying a default connection profile/tunnel group, enabling a brute-force attack to identify valid credentials and establish a clientless SSL VPN session using those valid credentials. |
CVE-2023-20269 | Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability | exploitation_technique | T1133 | External Remote Services | Comments: This vulnerability is exploited by an unauthenticated, remote attacker by specifying a default connection profile/tunnel group, enabling a brute-force attack to identify valid credentials and establish a clientless SSL VPN session using those valid credentials. |