Trusted Design

• 重大度: Unknown
• 公開日: 2016-02-27
• 更新日: 2024-08-06

概要

Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL.

このCVEに関連するMITRE ATT&CKテクニック

• T1514 - Elevated Execution with Prompt
• T1003.002 - Security Account Manager
• T1583.002 - DNS Server
• T1121 - Regsvcs/Regasm
• T1591.003 - Identify Business Tempo
• T1484.002 - Trust Modification
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1608.001 - Upload Malware
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1555.003 - Credentials from Web Browsers
• T1563 - Remote Service Session Hijacking
• T1179 - Hooking
• T1042 - Change Default File Association
• T1177 - LSASS Driver
• T1055.013 - Process Doppelgänging
• T1546.008 - Accessibility Features
• T1204.005 - Malicious Library
• T1083 - File and Directory Discovery
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1552.001 - Credentials In Files
• T1218.005 - Mshta
• T1608.005 - Link Target
• T1598.002 - Spearphishing Attachment
• T1497.002 - User Activity Based Checks
• T1496.004 - Cloud Service Hijacking
• T1534 - Internal Spearphishing
• T1218.001 - Compiled HTML File
• T1055.012 - Process Hollowing
• T1110.004 - Credential Stuffing
• T1187 - Forced Authentication
• T1499 - Endpoint Denial of Service
• T1027.004 - Compile After Delivery
• T1500 - Compile After Delivery
• T1213.003 - Code Repositories
• T1223 - Compiled HTML File
• T1555.004 - Windows Credential Manager
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1137.002 - Office Test
• T1204.001 - Malicious Link
• T1035 - Service Execution

このCVEが関連しているPulses

• QNAP Signage Station and iArtist Lite - vulnerabilities

CVEの関係性グラフ

---

← CVE一覧に戻る