Abstraction: Base · Status: Draft

CWE-1317: Improper Access Control in Fabric Bridge

Category: other

Description

The product uses a fabric bridge for transactions between two Intellectual Property (IP) blocks, but the bridge does not properly perform the expected privilege, identity, or other access control checks between those IP blocks.

Common consequences (1)

  • Scope: Confidentiality / Integrity / Access Control / Availability. Impact: DoS: Crash, Exit, or Restart; Bypass Protection Mechanism; Read Memory; Modify Memory

Potential mitigations (2)

  • [Architecture and Design] Ensure that the design includes provisions for access-control checks in the bridge for both upstream and downstream transactions.
  • [Implementation] Implement access-control checks in the bridge for both upstream and downstream transactions.

Related CAPEC attack patterns (1)

CAPEC-122 (Privilege Abuse)

References

  1. https://cwe.mitre.org/data/definitions/1317.html

Exploits (incoming) (1)

Type          | Target                      | Confidence | Tier
AttackPattern | Privilege Abuse (capec-122) | 100%       | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Policy Privileges are not Assigned Consistently Between Control and Data Agents
  • CWE: Improper Translation of Security Attributes by Fabric Bridge
  • CWE: Insufficient Granularity of Access Control
  • CWE: Improper Restriction of Communication Channel to Intended Endpoints
  • CWE: Unverified Ownership
  • CWE: Improper Access Control

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.