Home >> Taxonomy >> Attacks >> Privilege escalation

Privilege escalation

Privilege escalation refers to the process by which an attacker or an unauthorized user gains higher-level access or permissions than they are initially granted. This can occur in various systems, such as operating systems, databases, or applications.

Example

In June 2022, a privilege escalation vulnerability in MikroTik RouterOS was disclosed at REcon, affecting x86 Virtual Machines. The vulnerability allowed obtaining a root shell, with new exploits targeting a broader range of hardware. MikroTik addressed the issue with patches in version 6.49.7. The vulnerability (CVE-2023-30799) allowed threat actors to escalate from admin to super-admin, potentially leading to arbitrary code execution. Over 900K routers were reported as vulnerable.

Links

• MikroTik RouterOS Flaw
• Privilege Escalation Attacks

Cards

Data-validation-&-encoding

• Data-validation-&-encoding 5
• Data-validation-&-encoding 6
• Data-validation-&-encoding 8
• Data-validation-&-encoding 9

Authentication

• Authentication 8
• Authentication J

Authorization

• Authorization 4
• Authorization 5
• Authorization 8
• Authorization J
• Authorization Q
• Authorization K

Session-management

• Session-management 8

Cryptography

• Cryptography J

Cornucopia

• Cornucopia 4
• Cornucopia Q
• Cornucopia A

Loading comments 0%