Trusted Design

• 重大度: Unknown
• 公開日: 2016-02-27
• 更新日: 2024-08-06

概要

QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot.

このCVEに関連するMITRE ATT&CKテクニック

• T1560.001 - Archive via Utility
• T1514 - Elevated Execution with Prompt
• T1003.002 - Security Account Manager
• T1192 - Spearphishing Link
• T1591.003 - Identify Business Tempo
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1070.008 - Clear Mailbox Data
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1145 - Private Keys
• T1555.003 - Credentials from Web Browsers
• T1535 - Unused/Unsupported Cloud Regions
• T1563 - Remote Service Session Hijacking
• T1042 - Change Default File Association
• T1177 - LSASS Driver
• T1546.008 - Accessibility Features
• T1647 - Plist File Modification
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1552.001 - Credentials In Files
• T1218.005 - Mshta
• T1608.005 - Link Target
• T1556.008 - Network Provider DLL
• T1497.002 - User Activity Based Checks
• T1534 - Internal Spearphishing
• T1219.003 - Remote Access Hardware
• T1078 - Valid Accounts
• T1055.012 - Process Hollowing
• T1068 - Exploitation for Privilege Escalation
• T1110.004 - Credential Stuffing
• T1187 - Forced Authentication
• T1567.003 - Exfiltration to Text Storage Sites
• T1562.011 - Spoof Security Alerting
• T1499 - Endpoint Denial of Service
• T1213.003 - Code Repositories
• T1223 - Compiled HTML File
• T1555.004 - Windows Credential Manager
• T1498 - Network Denial of Service
• T1538 - Cloud Service Dashboard
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1137.002 - Office Test
• T1035 - Service Execution
• T1529 - System Shutdown/Reboot

このCVEが関連しているPulses

• QNAP Signage Station and iArtist Lite - vulnerabilities

CVEの関係性グラフ

---

← CVE一覧に戻る