Threat Description |
Threat aimed at gaining privileged access to resources, for gaining unauthorized access to information or to compromise a system. |
Threat Target |
Network Infrastructure. |
Attacker Steps |
After getting authenticated into the system, an attacker can upload a remote shell to manipulate the server remotely. If there are any missing configurations or patches, the hacker can take advantage of the flaw and escalate his/her privileges. |
Counter-measure |
|
Existing Counter-measure |
|
The DREAD report is as follows:
DREAD
|
Details
|
Score /10
|
Damage |
The damage is very high in this case because the hacker will own the system and the network as well. |
10 |
Reproducibility |
It can be reproduced any time when the countermeasures are not implemented. |
10 |
Exploitability |
The attack can be executed by an intermediate skill hacker. |
9 |
Affected Users |
Between 100 and probably more than 1,000. |
7 |
Discoverability |
The flaw can be discovered internally because the admin console is not accessible to the outside perimeter. |
6 |
Total |
8.4 |