216.73.216.133

T1562.013: Disable or Modify Network Device Firewall

View on MITRE ATT&CK The MITRE Corporation · Published 22/09/2025 20:31 · Modified 27/03/2026 01:11

Essential information

MITRE technique ID
T1562.013
Confidence
100/100
Revoked
No
Published
22/09/2025 20:31
Modified
27/03/2026 01:11
Author / Source
The MITRE Corporation

Platforms

Network Devices

Description

Adversaries may disable network device-based firewall mechanisms entirely or add, delete, or modify particular rules in order to bypass controls limiting network usage. Modifying or disabling a network firewall may enable adversary C2 communications, lateral movement, and/or data exfiltration that would otherwise not be allowed. For example, adversaries may add new network firewall rules to allow access to all internal network subnets without restrictions.(Citation: Exposed Fortinet Fortigate firewall interface leads to LockBit Ransomware) Adversaries may gain access to the firewall management console via [Valid Accounts](https://attack.mitre.org/techniques/T1078) or by exploiting a vulnerability. In some cases, threat actors may target firewalls that have been exposed to the internet [Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190).(Citation: CVE-2024-55591 Detail)

Kill chain phases

Kill chainPhase
mitre-attack defense-evasion

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references