Base · Draft

CWE-1320: Improper Protection for Outbound Error Messages and Alert Signals

Category: other

Description

Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts.

Common consequences · 1

  • Availability — DoS: Instability, DoS: Crash, Exit, or Restart, Reduce Reliability, Unexpected State

Potential mitigations · 1

  • [Architecture and Design] Alert signals generated by critical events should be protected from access by untrusted agents. Only hardware or trusted firmware modules should be able to alter the alert configuration.

Related CAPEC attack patterns · 2

  • CAPEC-1
  • CAPEC-180

References

  1. https://cwe.mitre.org/data/definitions/1320.html

Exploits (incoming) · 2

Type | Target | Confidence | Tier
AttackPattern | Exploiting Incorrectly Configured Access Control Security Levels (capec-180) | 100% | live
AttackPattern | Accessing Functionality Not Properly Constrained by ACLs (capec-1) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
  • CWE: Improper Neutralization
  • CWE: Improper Validation of Integrity Check Value
  • CWE: Improper Restriction of Communication Channel to Intended Endpoints
  • CWE: Hardware Logic with Insecure De-Synchronization between Control and Data Channels
  • CWE: Improper Verification of Cryptographic Signature

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.