CWE-1244
Internal Asset Exposed to Unsafe Debug Access Level or State
Stable
2020-02-24
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Nome: Internal Asset Exposed to Unsafe Debug Access Level or State
The product uses physical debug or test
interfaces with support for multiple access levels, but it
assigns the wrong debug access level to an internal asset,
providing unintended access to the asset from untrusted debug
agents.
Informações Gerais
Modos de Introdução
Architecture and DesignImplementation
Plataformas Aplicáveis
Linguagem
Class: Not Language-Specific (Undetermined)Sistemas Operacionais
Class: Not OS-Specific (Undetermined)Arquiteturas
Class: Not Architecture-Specific (Undetermined)Tecnologias
Class: System on Chip (Undetermined)Consequências Comuns
| Escopo | Impacto | Probabilidade |
|---|---|---|
| Confidentiality | Read Memory Note: If a protection mechanism does not ensure that internal assets have the correct debug access level during each boot stage or change in system state, an attacker could obtain sensitive information from the internal asset using a debugger. | |
| Integrity | Modify Memory | |
| Authorization Access Control | Gain Privileges or Assume Identity, Bypass Protection Mechanism |
Exemplos Observados
| Referências | Descrição |
|---|---|
CVE-2019-18827 | After ROM code execution, JTAG access is disabled. But before the ROM code is executed, JTAG access is possible, allowing a user full system access. This allows a user to modify the boot flow and successfully bypass the secure-boot process. |
Mitigações Potenciais
Phases : Architecture and Design // ImplementationPhases : Architecture and Design
Apply blinding [REF-1219] or masking techniques in strategic areas.
Phases : Implementation
Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.
Métodos de Detecção
Manual Analysis
Check 2 devices for their passcode to authenticate access to JTAG/debugging ports. If the passcodes are missing or the same, update the design to fix and retest. Check communications over JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest.Eficácia : Moderate
Notas de Mapeamento de Vulnerabilidade
Justificativa : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comentário : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Padrões de Ataque Relacionados
| CAPEC-ID | Nome do Padrão de Ataque |
|---|---|
| CAPEC-114 | Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. |
Notas
CWE-1191 and CWE-1244 both involve physical debug access, but the weaknesses are different. CWE-1191 is effectively about missing authorization for a debug interface, i.e. JTAG. CWE-1244 is about providing internal assets with the wrong debug access level, exposing the asset to untrusted debug agents.Referências
REF-1056
Multiple Vulnerabilities in Barco Clickshare: JTAG access is not permanently disabledF-Secure Labs.
https://labs.withsecure.com/advisories/multiple-vulnerabilities-in-barco-clickshare
REF-1057
Attacks and Defenses for JTAGKurt Rosenfeld, Ramesh Karri.
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5406671
REF-1219
Blindsight: Blinding EM Side-Channel Leakage using Built-In Fully Integrated Inductive Voltage RegulatorMonodeep Kar, Arvind Singh, Santosh Ghosh, Sanu Mathew, Anand Rajan, Vivek De, Raheem Beyah, Saibal Mukhopadhyay.
https://arxiv.org/pdf/1802.09096
REF-1377
csr_regile.sv line 938https://github.com/HACK-EVENT/hackatdac19/blob/57e7b2109c1ea2451914878df2e6ca740c2dcf34/src/csr_regfile.sv#L938
REF-1378
Fix for csr_regfile.sv line 938https://github.com/HACK-EVENT/hackatdac19/blob/a7b61209e56c48eec585eeedea8413997ec71e4a/src/csr_regfile.sv#L938C31-L938C56
Submissão
| Nome | Organização | Data | Data de lançamento | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Modificações
| Nome | Organização | Data | Comentário |
|---|---|---|---|
| CWE Content Team | MITRE | updated Demonstrative_Examples, Name, Observed_Examples, Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Maintenance_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, References | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Common_Consequences, Description |
