Modes of Introduction
Architecture and Design
Implementation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)
Operating Systems
Class: Not OS-Specific (Undetermined)
Architectures
Class: Not Architecture-Specific (Undetermined)
Technologies
Class: System on Chip (Undetermined)
Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Confidentiality | Read Memory. Note: If a protection mechanism does not ensure that internal assets have the correct debug access level during each boot stage or change in system state, an attacker could obtain sensitive information from the internal asset using a debugger. | |
| Integrity | Modify Memory | |
| Authorization, Access Control | Gain Privileges or Assume Identity, Bypass Protection Mechanism | |
Observed Examples
| Reference | Description |
|---|---|
| | After ROM code execution, JTAG access is disabled. But before the ROM code is executed, JTAG access is possible, allowing a user full system access. This allows a user to modify the boot flow and successfully bypass the secure-boot process. |
Potential Mitigations
Phases: Architecture and Design // Implementation
Phases: Architecture and Design
Apply blinding [REF-1219] or masking techniques in strategic areas.
Phases: Implementation
Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost of accessing debug/test interfaces.
Detection Methods
Manual Analysis
Check two devices for the passcode used to authenticate access to their JTAG/debugging ports. If the passcodes are missing or identical across devices, update the design to fix this and retest. Check communications over the JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest.
Effectiveness: Moderate
Vulnerability Mapping Notes
Rationale: This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments: Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
| CAPEC-ID | Attack Pattern Name |
|---|---|
| CAPEC-114 | Authentication Abuse: An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning, but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. |
Notes
CWE-1191 and CWE-1244 both involve physical debug access,
but the weaknesses are different. CWE-1191 is effectively
about missing authorization for a debug interface,
i.e. JTAG. CWE-1244 is about providing internal assets with
the wrong debug access level, exposing the asset to
untrusted debug agents.
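As an added illustration (not from the CWE entry or from any project it references), the following C model contrasts the flawed policy of the observed example above, where JTAG is open out of reset until ROM code closes it, with a controller that is closed by default, opens only after an authenticated unlock, and re-evaluates that decision at every boot stage. The stage names and the device key are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Boot stages the SoC passes through (assumed names for this model). */
typedef enum { STAGE_RESET = 0, STAGE_ROM, STAGE_BOOTLOADER, STAGE_OS } boot_stage_t;

typedef struct {
    boot_stage_t stage;
    bool jtag_open;   /* true: the debug/test interface accepts commands */
} debug_port_t;

/* Constructed per-device unlock credential; a real SoC would hold it in fuses. */
#define KEY_LEN 16
static const uint8_t DEVICE_KEY[KEY_LEN] = {
    0x3a, 0x91, 0xc7, 0x0e, 0x55, 0xb2, 0x6d, 0xf4,
    0x18, 0x7c, 0xa3, 0xe9, 0x42, 0xd0, 0x2f, 0x86 };

/* Flawed controller (the observed example): JTAG is open out of reset and only
 * ROM code closes it, so the window before ROM runs grants full system access. */
void flawed_reset(debug_port_t *p) { p->stage = STAGE_RESET; p->jtag_open = true; }
void flawed_advance(debug_port_t *p, boot_stage_t next) {
    p->stage = next;
    if (next == STAGE_BOOTLOADER) p->jtag_open = false; /* ROM has finished */
}

/* Hardened controller: closed by hardware default, opened only after an
 * authenticated unlock, and re-locked on every boot-stage transition so the
 * access level is re-evaluated at each change in system state. */
static bool const_time_eq(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}
void hardened_reset(debug_port_t *p) { p->stage = STAGE_RESET; p->jtag_open = false; }
void hardened_advance(debug_port_t *p, boot_stage_t next) {
    p->stage = next;
    p->jtag_open = false;   /* no stage inherits an unlock from the previous one */
}
bool hardened_unlock(debug_port_t *p, const uint8_t *cred, size_t len) {
    if (len != KEY_LEN || !const_time_eq(cred, DEVICE_KEY, KEY_LEN)) return false;
    p->jtag_open = true;
    return true;
}
```

The flawed model reproduces the pre-ROM access window; the hardened model never exposes the port without a valid credential, at any stage.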
References
REF-1056: "Multiple Vulnerabilities in Barco Clickshare: JTAG access is not permanently disabled". F-Secure Labs. https://labs.withsecure.com/advisories/multiple-vulnerabilities-in-barco-clickshare
REF-1057: Kurt Rosenfeld, Ramesh Karri. "Attacks and Defenses for JTAG". https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5406671
REF-1219: Monodeep Kar, Arvind Singh, Santosh Ghosh, Sanu Mathew, Anand Rajan, Vivek De, Raheem Beyah, Saibal Mukhopadhyay. "Blindsight: Blinding EM Side-Channel Leakage using Built-In Fully Integrated Inductive Voltage Regulator". https://arxiv.org/pdf/1802.09096
REF-1377: "csr_regfile.sv line 938". https://github.com/HACK-EVENT/hackatdac19/blob/57e7b2109c1ea2451914878df2e6ca740c2dcf34/src/csr_regfile.sv#L938
REF-1378: "Fix for csr_regfile.sv line 938". https://github.com/HACK-EVENT/hackatdac19/blob/a7b61209e56c48eec585eeedea8413997ec71e4a/src/csr_regfile.sv#L938C31-L938C56
Submissions
| Name | Organization | Date | Release Date | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 2020-02-12 +00:00 | 2020-02-24 +00:00 | 4.0 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | 2020-08-20 +00:00 | updated Demonstrative_Examples, Name, Observed_Examples, Related_Attack_Patterns |
| CWE Content Team | MITRE | 2021-03-15 +00:00 | updated Maintenance_Notes |
| CWE Content Team | MITRE | 2021-10-28 +00:00 | updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Weakness_Ordinalities |
| CWE Content Team | MITRE | 2022-04-28 +00:00 | updated Related_Attack_Patterns |
| CWE Content Team | MITRE | 2023-04-27 +00:00 | updated References, Relationships |
| CWE Content Team | MITRE | 2023-06-29 +00:00 | updated Mapping_Notes |
| CWE Content Team | MITRE | 2024-02-29 +00:00 | updated Demonstrative_Examples, References |
| CWE Content Team | MITRE | 2025-09-09 +00:00 | updated References, Relationships |
| CWE Content Team | MITRE | 2025-12-11 +00:00 | updated Common_Consequences, Description |