Unauthorized Remote Command Execution
critical
remote-command-execution
Attacker leverages management tools to execute unauthorized commands on target systems
Tampering, Elevation of Privilege
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1059 | Command and Scripting Interpreter | Execution |
| T1021 | Remote Services | Lateral Movement |
Common Weakness Enumeration
Mitigating controls
ctrl-remotecmd-1 - Implement strict IAM policies for command execution
ctrl-remotecmd-2 - Enable comprehensive logging of all remote commands
ctrl-remotecmd-3 - Use session recording for administrative access
ctrl-remotecmd-4 - Implement approval workflows for sensitive operations
ctrl-remotecmd-5 - Restrict command execution to approved runbooks