BaseStable

CWE-1244Internal Asset Exposed to Unsafe Debug Access Level or State

Category: config

Description

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

Common consequences· 3

  • Confidentiality — Read Memory
    If a protection mechanism does not ensure that internal assets have the correct debug access level during each boot stage or change in system state, an attacker could obtain sensitive information from the internal asset using a debugger.
  • Integrity — Modify Memory
  • Authorization / Access Control — Gain Privileges or Assume Identity, Bypass Protection Mechanism

Potential mitigations· 3

  • [Architecture and Design, Implementation]
  • [Architecture and Design]Apply blinding [REF-1219] or masking techniques in strategic areas.
  • [Implementation]Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.

Related CAPEC attack patterns· 1

CAPEC-114

References

  1. https://cwe.mitre.org/data/definitions/1244.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternAuthentication Abusecapec-114100%live

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2025-42878cve-2025-428780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Access Control for Register Interface
CWE
On-Chip Debug and Test Interface With Improper Access Control
CWE
Improper Prevention of Lock Bit Modification
CWE
Insertion of Sensitive Information Into Debugging Code
CWE
Exposed IOCTL with Insufficient Access Control
CWE
Sensitive Information Uncleared Before Debug/Power State Transition
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.