Nasreddine Bencherchali
9d58e38bbc
remove: Space After Filename - Logic was incorrect and untested update: Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - Update selection update: JexBoss Command Sequence - Update the selection to use the |all modifier. chore: remove any usage of the fields field to prepare for deprecation in the spec.
35 lines
848 B
YAML
35 lines
848 B
YAML
title: Cisco Modify Configuration
|
|
id: 671ffc77-50a7-464f-9e3d-9ea2b493b26b
|
|
status: test
|
|
description: Modifications to a config that will serve an adversary's impacts or persistence
|
|
author: Austin Clark
|
|
date: 2019-08-12
|
|
modified: 2025-04-28
|
|
tags:
|
|
- attack.privilege-escalation
|
|
- attack.execution
|
|
- attack.persistence
|
|
- attack.impact
|
|
- attack.t1490
|
|
- attack.t1505
|
|
- attack.t1565.002
|
|
- attack.t1053
|
|
logsource:
|
|
product: cisco
|
|
service: aaa
|
|
detection:
|
|
keywords:
|
|
- 'ip http server'
|
|
- 'ip https server'
|
|
- 'kron policy-list'
|
|
- 'kron occurrence'
|
|
- 'policy-list'
|
|
- 'access-list'
|
|
- 'ip access-group'
|
|
- 'archive maximum'
|
|
- 'ntp server'
|
|
condition: keywords
|
|
falsepositives:
|
|
- Legitimate administrators may run these commands
|
|
level: medium
|