Abstraction: Base. Status: Draft.

CWE-1268: Policy Privileges are not Assigned Consistently Between Control and Data Agents

Category: authz

Description

The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.

Common consequences (1)

  • Scope: Confidentiality, Integrity, Availability, Access Control. Impact: Modify Memory; Read Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; Bypass Protection Mechanism; Read Files or Directories; Reduce Reliability.

Potential mitigations (1)

  • [Architecture and Design, Implementation] Access-control-policy definition and programming flow must be sufficiently tested in pre-silicon and post-silicon testing.
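One form such testing can take, as an added example that is not part of the CWE entry: a consistency check over a constructed policy model in which every resource has a data policy (which agents may access it) and a control policy (which agents may reprogram that data policy). A control agent less privileged than a data agent of the same resource is the discrepancy this weakness describes, because it can rewrite the policy in its own favour. Agent names, privilege levels and resource names below are hypothetical.

```python
from dataclasses import dataclass

# Constructed model: higher number = more privileged agent. Names are hypothetical.
AGENT_PRIVILEGE = {
    "secure_boot_rom": 3,
    "trusted_firmware": 2,
    "debug_agent": 1,
}

@dataclass(frozen=True)
class ResourcePolicy:
    resource: str
    data_agents: frozenset      # agents allowed to read/write the resource
    control_agents: frozenset   # agents allowed to reprogram this policy

def find_inconsistencies(policies, privilege=AGENT_PRIVILEGE):
    """Return (resource, control_agent) pairs where a control agent is less
    privileged than some data agent of the same resource. Such an agent could
    grant itself data access or lock out the more privileged data agent."""
    findings = []
    for p in policies:
        max_data = max((privilege[a] for a in p.data_agents), default=0)
        for c in sorted(p.control_agents):
            if privilege[c] < max_data:
                findings.append((p.resource, c))
    return findings

# Constructed policy set with the weakness: the debug agent may reprogram the
# key-slot policy although only the boot ROM may touch the key-slot data.
WEAK_POLICIES = [
    ResourcePolicy("secure_key_slot",
                   data_agents=frozenset({"secure_boot_rom"}),
                   control_agents=frozenset({"secure_boot_rom", "debug_agent"})),
    ResourcePolicy("uart_config",
                   data_agents=frozenset({"debug_agent", "trusted_firmware"}),
                   control_agents=frozenset({"trusted_firmware"})),
]

# Corrected policy set: control over each policy is held only by agents at
# least as privileged as every data agent of that resource.
FIXED_POLICIES = [
    ResourcePolicy("secure_key_slot",
                   data_agents=frozenset({"secure_boot_rom"}),
                   control_agents=frozenset({"secure_boot_rom"})),
    WEAK_POLICIES[1],
]

if __name__ == "__main__":
    print(find_inconsistencies(WEAK_POLICIES))   # [('secure_key_slot', 'debug_agent')]
    print(find_inconsistencies(FIXED_POLICIES))  # []
```

The same check can be run against the register-level policy tables extracted from a design before tape-out and again against the programmed values read back from silicon.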

Related CAPEC attack patterns (1)

  • CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

References

  1. https://cwe.mitre.org/data/definitions/1268.html

Exploits (incoming) (1)

  • Type: AttackPattern. Target: Exploiting Incorrectly Configured Access Control Security Levels (capec-180). Confidence: 100%. Tier: live.

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Access Control in Fabric Bridge
  • CWE: Improper Privilege Management
  • CWE: Insufficient Granularity of Access Control
  • CWE: Incorrect Privilege Assignment
  • CWE: Privilege Context Switching Error
  • CWE: Privilege Dropping / Lowering Errors

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.