CWE-1244
Internal Asset Exposed to Unsafe Debug Access Level or State
Stable
2020-02-24
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Name: Internal Asset Exposed to Unsafe Debug Access Level or State
The product uses physical debug or test
interfaces with support for multiple access levels, but it
assigns the wrong debug access level to an internal asset,
providing unintended access to the asset from untrusted debug
agents.
Allgemeine Informationen
Einführungsmodi
Architecture and DesignImplementation
Anwendbare Plattformen
Sprache
Class: Not Language-Specific (Undetermined)Betriebssysteme
Class: Not OS-Specific (Undetermined)Architekturen
Class: Not Architecture-Specific (Undetermined)Technologien
Class: System on Chip (Undetermined)Häufige Konsequenzen
| Bereich | Auswirkung | Wahrscheinlichkeit |
|---|---|---|
| Confidentiality | Read Memory Note: If a protection mechanism does not ensure that internal assets have the correct debug access level during each boot stage or change in system state, an attacker could obtain sensitive information from the internal asset using a debugger. | |
| Integrity | Modify Memory | |
| Authorization Access Control | Gain Privileges or Assume Identity, Bypass Protection Mechanism |
Beobachtete Beispiele
| Referenzen | Beschreibung |
|---|---|
CVE-2019-18827 | After ROM code execution, JTAG access is disabled. But before the ROM code is executed, JTAG access is possible, allowing a user full system access. This allows a user to modify the boot flow and successfully bypass the secure-boot process. |
Mögliche Gegenmaßnahmen
Phases : Architecture and Design // ImplementationPhases : Architecture and Design
Apply blinding [REF-1219] or masking techniques in strategic areas.
Phases : Implementation
Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.
Erkennungsmethoden
Manual Analysis
Check 2 devices for their passcode to authenticate access to JTAG/debugging ports. If the passcodes are missing or the same, update the design to fix and retest. Check communications over JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest.Wirksamkeit : Moderate
Hinweise zur Schwachstellen-Zuordnung
Begründung : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Verwandte Angriffsmuster
| CAPEC-ID | Name des Angriffsmusters |
|---|---|
| CAPEC-114 | Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. |
Hinweise
CWE-1191 and CWE-1244 both involve physical debug access, but the weaknesses are different. CWE-1191 is effectively about missing authorization for a debug interface, i.e. JTAG. CWE-1244 is about providing internal assets with the wrong debug access level, exposing the asset to untrusted debug agents.Referenzen
REF-1056
Multiple Vulnerabilities in Barco Clickshare: JTAG access is not permanently disabledF-Secure Labs.
https://labs.withsecure.com/advisories/multiple-vulnerabilities-in-barco-clickshare
REF-1057
Attacks and Defenses for JTAGKurt Rosenfeld, Ramesh Karri.
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5406671
REF-1219
Blindsight: Blinding EM Side-Channel Leakage using Built-In Fully Integrated Inductive Voltage RegulatorMonodeep Kar, Arvind Singh, Santosh Ghosh, Sanu Mathew, Anand Rajan, Vivek De, Raheem Beyah, Saibal Mukhopadhyay.
https://arxiv.org/pdf/1802.09096
REF-1377
csr_regile.sv line 938https://github.com/HACK-EVENT/hackatdac19/blob/57e7b2109c1ea2451914878df2e6ca740c2dcf34/src/csr_regfile.sv#L938
REF-1378
Fix for csr_regfile.sv line 938https://github.com/HACK-EVENT/hackatdac19/blob/a7b61209e56c48eec585eeedea8413997ec71e4a/src/csr_regfile.sv#L938C31-L938C56
Einreichung
| Name | Organisation | Datum | Veröffentlichungsdatum | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Änderungen
| Name | Organisation | Datum | Kommentar |
|---|---|---|---|
| CWE Content Team | MITRE | updated Demonstrative_Examples, Name, Observed_Examples, Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Maintenance_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, References | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Common_Consequences, Description |
