BaseDraft

CWE-1299Missing Protection Mechanism for Alternate Hardware Interface

Category: other

Description

The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.

Common consequences· 1

  • Confidentiality / Integrity / Availability / Access Control — Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Alter Execution Logic, Bypass Protection Mechanism, Quality Degradation

Potential mitigations· 3

  • [Requirements]Protect assets from accesses against all potential interfaces and alternate paths.
  • [Architecture and Design]Protect assets from accesses against all potential interfaces and alternate paths.
  • [Implementation]Protect assets from accesses against all potential interfaces and alternate paths.

Related CAPEC attack patterns· 2

CAPEC-457CAPEC-554

References

  1. https://cwe.mitre.org/data/definitions/1299.html

Exploits (incoming)2

TypeTargetConfidenceTier
AttackPatternFunctionality Bypasscapec-554100%live
AttackPatternUSB Memory Attackscapec-457100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Access Control Applied to Mirrored or Aliased Memory Regions
CWE
Improper Access Control for Register Interface
CWE
Internal Asset Exposed to Unsafe Debug Access Level or State
CWE
Missing Support for Security Features in On-chip Fabrics or Buses
CWE
Improper Handling of Faults that Lead to Instruction Skips
CWE
Incorrect Register Defaults or Module Parameters
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.