MITRE ATT&CK / T1190
T1190
Exploit Public-Facing Application
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration.Exploited applications are often websites/web servers, but can also include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other system with Internet-accessible open sockets.(Citation: NVD CVE-2016-6662)(Citation: CIS Multiple SMB Vulnerabilities)(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)(Citation: NVD CVE-2014-7169) On ESXi infrastructure, adversaries may exploit exposed OpenSLP services; they may alternatively exploit exposed VMware vCenter servers.(Citation: Recorded Future ESXiArgs Ransomware 2023)(Citation: Ars Technica VMWare Code Execution Vulnerability 2021) Depending on the flaw being exploited, this may also involve [Exploitation for Stealth](https://attack.mitre.org/techniques/T1211) or [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203).If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs (e.g., via the [Cloud Instance Metadata API](https://attack.mitre.org/techniques/T1552/005))…
Platforms
Mitigations
- M1048 — Application Isolation and Sandboxing
- M1037 — Filter Network Traffic
- M1030 — Network Segmentation
- M1016 — Vulnerability Scanning
- M1026 — Privileged Account Management
- M1050 — Exploit Protection
- M1035 — Limit Access to Resource Over Network
- M1051 — Update Software
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- CVE-2026-20182: Cisco Catalyst SD-WAN CVSS 10.0 Auth Bypass Actively Exploited
- CVE-2026-0300: Unauthenticated Root RCE Zero-Day Actively Exploited in Palo Alto PAN-OS
- CVE-2025-68670: Critical Pre-Auth RCE in xrdp Exposes Linux Remote Desktop Servers
- CVE-2026-6973: Ivanti EPMM Zero-Day RCE Exploited, CISA Mandates Patch by May 10
- UAT-8302 China APT Malware Analysis: Shared Implants, IOCs, and Detection Rules
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →