BaseDraft

CWE-1311Improper Translation of Security Attributes by Fabric Bridge

Category: other

Description

The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another.

Common consequences· 1

  • Confidentiality / Integrity / Access Control — Modify Memory, Read Memory, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands

Potential mitigations· 2

  • [Architecture and Design]The translation must map signals in such a way that untrusted agents cannot map to trusted agents or vice-versa.
  • [Implementation]Ensure that the translation maps signals in such a way that untrusted agents cannot map to trusted agents or vice-versa.

Related CAPEC attack patterns· 3

CAPEC-1CAPEC-180CAPEC-233

References

  1. https://cwe.mitre.org/data/definitions/1311.html

Exploits (incoming)3

TypeTargetConfidenceTier
AttackPatternAccessing Functionality Not Properly Constrained by ACLscapec-1100%live
AttackPatternPrivilege Escalationcapec-233100%live
AttackPatternExploiting Incorrectly Configured Access Control Security Levelscapec-180100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Access Control in Fabric Bridge
CWE
Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
CWE
Improper Setting of Bus Controlling Capability in Fabric End-point
CWE
Incorrect Conversion of Security Identifiers
CWE
Policy Privileges are not Assigned Consistently Between Control and Data Agents
CWE
Missing Support for Security Features in On-chip Fabrics or Buses
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.