CWE-1294 Detail

CWE-1294

Insecure Security Identifier Mechanism
Incomplete
2020-08-20
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Meldingen voor een CWE
Blijf op de hoogte van wijzigingen voor een specifieke CWE.
Meldingen beheren

Naam: Insecure Security Identifier Mechanism

The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.

Algemene informatie

Introductiemodi

Architecture and Design : Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases.
Implementation : Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases.

Toepasselijke platforms

Taal

Class: Not Language-Specific (Undetermined)

Besturingssystemen

Class: Not OS-Specific (Undetermined)

Architecturen

Class: Not Architecture-Specific (Undetermined)

Technologieën

Name: Bus/Interface Hardware (Undetermined)
Class: Not Technology-Specific (Undetermined)

Veelvoorkomende gevolgen

Bereik Impact Waarschijnlijkheid
Confidentiality
Integrity
Availability
Access Control		Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Quality DegradationHigh

Mogelijke risicobeperkingen

Phases : Architecture and Design
Security Identifier Decoders must be reviewed for design inconsistency and common weaknesses.
Phases : Implementation
Access and programming flows must be tested in pre-silicon and post-silicon testing.

Notities kwetsbaarheidsmapping

Rechtvaardiging : This CWE entry is a Class and might have Base-level children that would be more appropriate
Opmerking : Examine children of this entry to see if there is a better fit

Gerelateerde aanvalspatronen

CAPEC-ID Naam aanvalspatroon
CAPEC-121 Exploit Non-Production Interfaces
CAPEC-681 Exploitation of Improperly Controlled Hardware Security Identifiers

Notities

This entry is still under development and will continue to see updates and content improvements.

Indiening

Naam Organisatie Datum Releasedatum Version
CWE Content Team MITRE 2020-07-17 +00:00 2020-08-20 +00:00 4.2

Wijzigingen

Naam Organisatie Datum Opmerking
CWE Content Team MITRE 2021-07-20 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms, Related_Attack_Patterns
CWE Content Team MITRE 2022-06-28 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Weakness_Ordinalities
De informatie die op CVE Find wordt gepresenteerd, is afkomstig van verschillende zorgvuldig geselecteerde referentiebronnen. CVE-gegevens worden geleverd door MITRE Corporation en de National Vulnerability Database (NVD). De Known Exploited Vulnerabilities (KEV)-catalogus is afkomstig van de Cybersecurity and Infrastructure Security Agency (CISA), terwijl EPSS-scores afkomstig zijn van FIRST.org. Daarnaast worden gegevens over softwarezwakheden (CWE) en veelvoorkomende aanvalspatronen (CAPEC) bijgehouden door MITRE Corporation, en informatie over hardware- en softwareconfiguraties (CPE) wordt geleverd door de NVD.