YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00742
Percentile:
0.71993
CVSS Scoring
CVSS v2 Score: 7.5
Severity:
Mapped CWE(s)
-
CWE-425
: Direct Request ('Forced Browsing')
All CAPEC(s)
-
CAPEC-127: Directory Indexing
-
CAPEC-143: Detect Unpublicized Web Pages
-
CAPEC-144: Detect Unpublicized Web Services
-
CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)
-
CAPEC-87: Forceful Browsing
CAPEC(s) with Mapped TTPs
-
CAPEC-127: Directory Indexing
Mapped TTPs:
-
T1083
: File and Directory Discovery
-
CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)
Mapped TTPs:
Mapped ATT&CK TTPs
-
T1083
: File and Directory Discovery
Kill Chain: discovery
-
T1565.002
: Transmitted Data Manipulation
Kill Chain: impact
Malware
APTs Threat Group Associations
Campaigns
- Operation Wocao
- SolarWinds Compromise
- Operation CuckooBees
- Operation Honeybee
- Operation Dream Job
- C0015
- Night Dragon
- KV Botnet Activity
Affected Products
- cpe:2.3:a:yusasp:web_asset_manager:1.0:*:*:*:*:*:*:*
← Back to Home