Base · Draft

CWE-1328: Security Version Number Mutable to Older Versions

Category: other

Description

Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

Common consequences · 1

  • Confidentiality / Integrity / Authentication / Authorization — Other
    Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS (prevent upgrades).

Potential mitigations · 2

  • [Architecture and Design] When architecting the system, security version data should be designated for storage in registers that are either read-only or have access controls that prevent modification by an untrusted agent.
  • [Implementation] During implementation and test, security version data should be demonstrated to be read-only and access controls should be validated.
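
The two mitigations above, as an added example that is not part of the CWE entry: a small C model contrasting a freely writable security version store with one that only counts upward and can be locked. The struct layout, the thermometer-coded fuse word and all function names are assumptions made for illustration, not a real device interface.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a security version number (SVN) store, not real hardware. */
typedef struct {
    uint32_t fuses;   /* thermometer code: SVN = number of bits set to 1 */
    bool     locked;  /* set by trusted boot code before untrusted code runs */
} svn_store;

static uint32_t thermo(unsigned svn) { return svn >= 32 ? UINT32_MAX : (1u << svn) - 1u; }

static unsigned svn_read(const svn_store *s) {
    unsigned n = 0;
    for (uint32_t f = s->fuses; f; f >>= 1) n += f & 1u;
    return n;
}

/* Weak design (CWE-1328): any agent may store any value, including a lower one. */
static bool svn_write_mutable(svn_store *s, unsigned svn) {
    if (svn > 32) return false;
    s->fuses = thermo(svn);
    return true;
}

/* Hardened design: bits are only OR-ed in (never cleared), the value must
 * strictly increase, and nothing changes once the store is locked. */
static bool svn_advance(svn_store *s, unsigned svn) {
    if (s->locked || svn > 32 || svn <= svn_read(s)) return false;
    s->fuses |= thermo(svn);
    return true;
}

static void svn_lock(svn_store *s) { s->locked = true; }

/* Boot-time check: accept only firmware at or above the stored SVN. */
static bool boot_accepts(const svn_store *s, unsigned image_svn) {
    return image_svn >= svn_read(s);
}

int main(void) {
    svn_store weak = {0, false}, hard = {0, false};
    svn_write_mutable(&weak, 5); svn_write_mutable(&weak, 2); /* counter lowered */
    svn_advance(&hard, 5); svn_lock(&hard); svn_advance(&hard, 2); /* refused */
    printf("image SVN 3: weak store boots=%d, hardened store boots=%d\n",
           boot_accepts(&weak, 3), boot_accepts(&hard, 3));
    return 0;
}
```

The lock also addresses the DoS consequence listed above: once it is set, an untrusted agent cannot push the stored value upward to block legitimate upgrades.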

Related CAPEC attack patterns · 1

CAPEC-176

References

  1. https://cwe.mitre.org/data/definitions/1328.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Configuration/Environment Manipulation (capec-176) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Missing Immutable Root of Trust in Hardware
  • CWE: Improper Access Control for Volatile Memory Containing Boot Code
  • CWE: Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
  • CWE: Missing Ability to Patch ROM Code
  • CWE: Improper Finite State Machines (FSMs) in Hardware Logic
  • CWE: Hardware Allows Activation of Test or Debug Logic at Runtime

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.