CWE-553: Command Shell in Externally Accessible Directory

Description

A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

CAPEC-650

Attack TTPs

T1505.003 — Web Shell (persistence)

Malware

ASPXSpy
BUSHWALK
China Chopper
FRAMESTING
GLASSTOKEN
LIGHTWIRE
Line Runner
Neo-reGeorg
OwaAuth
P.A.S. Webshell
PULSECHECK
RAPIDPULSE
SEASHARPEE
SLIGHTPULSE
STEADYPULSE
SUPERNOVA
SnappyTCP
WIREFIRE
reGeorg

APTs (Intrusion Sets)

APT28
APT29
APT32
APT38
APT39
APT5
Agrius
BackdoorDiplomacy
BlackByte
CURIUM
Deep Panda
Dragonfly
Ember Bear
FIN13
Fox Kitten
GALLIUM
HAFNIUM
Kimsuky
Leviathan
Magic Hound
Moses Staff
OilRig
Sandworm Team
Sea Turtle
Threat Group-3390
Tonto Team
Tropic Trooper
Volatile Cedar
Volt Typhoon

Modes of Introduction

Phase	Note
Implementation	N/A
Operation	N/A

Common Consequences

Impact: Execute Unauthorized Code or Commands — Notes:

Potential Mitigations

Installation: Remove any Shells accessible under the web root folder and children directories. (N/A)

Applicable Platforms

None listed.

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list