Base · Incomplete

CWE-1296: Incorrect Chaining or Granularity of Debug Components

Category: config

Description

The product's debug components contain incorrect chaining or granularity of debug components.

Common consequences · 1

  • Confidentiality / Integrity / Access Control / Authentication / Authorization / Availability / Accountability — Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, Modify Memory, Modify Files or Directories
    Depending on the access to debug component(s) erroneously granted, an attacker could use the debug component to gain additional understanding about the system to further an attack and/or execute other commands. This could compromise any security property, including the ones listed above.

Potential mitigations · 1

  • [Implementation] Ensure that debug components are properly chained and their granularity is maintained at different authentication levels.

Related CAPEC attack patterns · 2

CAPEC-121, CAPEC-702

References

  1. https://cwe.mitre.org/data/definitions/1296.html

Exploits (incoming) · 2

Type | Target | Confidence | Tier
AttackPattern | Exploiting Incorrect Chaining or Granularity of Hardware Debug Components (capec-702) | 100% | live
AttackPattern | Exploit Non-Production Interfaces (capec-121) | 100% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Active Debug Code
  • CWE: Incorrect Control Flow Scoping
  • CWE: Inappropriate Comment Style
  • CWE: Improperly Controlled Sequential Memory Allocation
  • CWE: Debug Messages Revealing Unnecessary Information
  • CWE: Incorrect Short Circuit Evaluation

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.