Trusted Design

• 重大度: Unknown
• 公開日: 2016-02-27
• 更新日: 2024-08-06

概要

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.

このCVEに関連するMITRE ATT&CKテクニック

• T1560.001 - Archive via Utility
• T1588.007 - Artificial Intelligence
• T1514 - Elevated Execution with Prompt
• T1003.002 - Security Account Manager
• T1121 - Regsvcs/Regasm
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1190 - Exploit Public-Facing Application
• T1558 - Steal or Forge Kerberos Tickets
• T1555 - Credentials from Password Stores
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1562.004 - Disable or Modify System Firewall
• T1145 - Private Keys
• T1155 - AppleScript
• T1563 - Remote Service Session Hijacking
• T1027.016 - Junk Code Insertion
• T1177 - LSASS Driver
• T1546.008 - Accessibility Features
• T1552.001 - Credentials In Files
• T1218.005 - Mshta
• T1598.002 - Spearphishing Attachment
• T1556.008 - Network Provider DLL
• T1497.002 - User Activity Based Checks
• T1496.004 - Cloud Service Hijacking
• T1679 - Selective Exclusion
• T1219.003 - Remote Access Hardware
• T1213.003 - Code Repositories
• T1565.002 - Transmitted Data Manipulation
• T1223 - Compiled HTML File
• T1555.004 - Windows Credential Manager
• T1498 - Network Denial of Service
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1665 - Hide Infrastructure
• T1204.001 - Malicious Link
• T1086 - PowerShell

このCVEが関連しているPulses

• QNAP Signage Station and iArtist Lite - vulnerabilities

CVEの関係性グラフ

---

← CVE一覧に戻る