CWE-1299 Detail

CWE-1299

Missing Protection Mechanism for Alternate Hardware Interface
Draft
2020-08-20
00h00 +00:00
2024-02-29
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Notifications manage

Name: Missing Protection Mechanism for Alternate Hardware Interface

The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.

CWE Description

An asset inside a chip might have access-control protections through one interface. However, if all paths to the asset are not protected, an attacker might compromise the asset through alternate paths. These alternate paths could be through shadow or mirror registers inside the IP core, or could be paths from other external-facing interfaces to the IP core or SoC.

Consider an SoC with various interfaces such as UART, SMBUS, PCIe, USB, etc. If access control is implemented for SoC internal registers only over the PCIe interface, then an attacker could still modify the SoC internal registers through alternate paths by coming through interfaces such as UART, SMBUS, USB, etc.

Alternatively, attackers might be able to bypass existing protections by exploiting unprotected, shadow registers. Shadow registers and mirror registers typically refer to registers that can be accessed from multiple addresses. Writing to or reading from the aliased/mirrored address has the same effect as writing to the address of the main register. They are typically implemented within an IP core or SoC to temporarily hold certain data. These data will later be updated to the main register, and both registers will be in synch. If the shadow registers are not access-protected, attackers could simply initiate transactions to the shadow registers and compromise system security.

General Informations

Modes Of Introduction

Architecture and Design
Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Name: Microcontroller Hardware (Undetermined)
Name: Processor Hardware (Undetermined)
Name: Bus/Interface Hardware (Undetermined)
Class: Not Technology-Specific (Undetermined)

Common Consequences

Scope Impact Likelihood
Confidentiality
Integrity
Availability
Access Control
Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Alter Execution Logic, Bypass Protection Mechanism, Quality DegradationHigh

Observed Examples

References Description

CVE-2022-38399

Missing protection mechanism on serial connection allows for arbitrary OS command execution.

CVE-2020-9285

Mini-PCI Express slot does not restrict direct memory access.

CVE-2020-8004

When the internal flash is protected by blocking access on the Data Bus (DBUS), it can still be indirectly accessed through the Instruction Bus (IBUS).

CVE-2017-18293

When GPIO is protected by blocking access to corresponding GPIO resource registers, protection can be bypassed by writing to the corresponding banked GPIO registers instead.

CVE-2020-15483

monitor device allows access to physical UART debug port without authentication

Potential Mitigations

Phases : Requirements
Protect assets from accesses against all potential interfaces and alternate paths.
Phases : Architecture and Design
Protect assets from accesses against all potential interfaces and alternate paths.
Phases : Implementation
Protect assets from accesses against all potential interfaces and alternate paths.

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related Attack Patterns

CAPEC-ID Attack Pattern Name
CAPEC-457 USB Memory Attacks
An adversary loads malicious code onto a USB memory stick in order to infect any system which the device is plugged in to. USB drives present a significant security risk for business and government agencies. Given the ability to integrate wireless functionality into a USB stick, it is possible to design malware that not only steals confidential data, but sniffs the network, or monitor keystrokes, and then exfiltrates the stolen data off-site via a Wireless connection. Also, viruses can be transmitted via the USB interface without the specific use of a memory stick. The attacks from USB devices are often of such sophistication that experts conclude they are not the work of single individuals, but suggest state sponsorship. These attacks can be performed by an adversary with direct access to a target system or can be executed via means such as USB Drop Attacks.
CAPEC-554 Functionality Bypass
An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary.

Submission

Name Organization Date Date release Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi Intel Corporation 2019-10-02 +00:00 2020-08-20 +00:00 4.2

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2020-12-10 +00:00 updated Relationships
CWE Content Team MITRE 2021-07-20 +00:00 updated Observed_Examples, Related_Attack_Patterns
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms, Common_Consequences, Related_Attack_Patterns
CWE Content Team MITRE 2022-06-28 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2023-01-31 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-10-26 +00:00 updated Demonstrative_Examples, Observed_Examples
CWE Content Team MITRE 2024-02-29 +00:00 updated Demonstrative_Examples