CWE-1268
Policy Privileges are not Assigned Consistently Between Control and Data Agents
Draft
2020-02-24
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Policy Privileges are not Assigned Consistently Between Control and Data Agents
The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.
Informacje ogólne
Sposoby wprowadzenia
Architecture and Design : This weakness may be introduced during the design of a device when the architect does not comprehensively specify all of the policies required by an agent.Implementation : This weakness may be introduced during implementation if device policy restrictions do not sufficiently constrain less-privileged clients.
Odpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Systemy operacyjne
Class: Not OS-Specific (Undetermined)Architektury
Class: Not Architecture-Specific (Undetermined)Technologie
Class: Not Technology-Specific (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Confidentiality Integrity Availability Access Control | Modify Memory, Read Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Files or Directories, Reduce Reliability | High |
Potencjalne środki zaradcze
Phases : Architecture and Design // ImplementationAccess-control-policy definition and programming flow must be sufficiently tested in pre-silicon and post-silicon testing.
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Powiązane wzorce ataków
| CAPEC-ID | Nazwa wzorca ataku |
|---|---|
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack. |
Notatki
This entry is still under development and will continue to see updates and content improvements.Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.1 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Relationships, Weakness_Ordinalities |
