CWE-1296 Détail de la faiblesse

CWE-1296

Nom

Incorrect Chaining or Granularity of Debug Components

Statut

Incomplete

Publié

2020-08-20
00h00 +00:00

Modifié

2023-06-29
00h00 +00:00

Liens officiels

CWE Mitre.org

Notifications pour un CWE

Restez informé de toutes modifications pour un CWE spécifique.

Gestion des notifications

Liste des Notifications

Notifications pour un CWE

Restez informé de toutes modifications pour un CWE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

Spécifiez le CWE ID que vous désirez surveiller.

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

Nom: Incorrect Chaining or Granularity of Debug Components

The product's debug components contain incorrect chaining or granularity of debug components.

Description du CWE

For debugging and troubleshooting a chip, several hardware design elements are often implemented, including:

Various Test Access Ports (TAPs) allow boundary scan commands to be executed.
For scanning the internal components of a chip, there are scan cells that allow the chip to be used as a "stimulus and response" mechanism.
Chipmakers might create custom methods to observe the internal components of their chips by placing various tracing hubs within their chip and creating hierarchical or interconnected structures among those hubs.

Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could allow unintended access permissions.

Informations générales

Modes d'introduction

Implementation

Plateformes applicables

Langue

Name: Verilog (Undetermined)
Name: VHDL (Undetermined)
Class: Not Language-Specific (Undetermined)

Systèmes d’exploitation

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Name: Processor Hardware (Undetermined)
Class: Not Technology-Specific (Undetermined)

Conséquences courantes

Portée	Impact	Probabilité
Confidentiality Integrity Access Control Authentication Authorization Availability Accountability	Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, Modify Memory, Modify Files or Directories Note: Depending on the access to debug component(s) erroneously granted, an attacker could use the debug component to gain additional understanding about the system to further an attack and/or execute other commands. This could compromise any security property, including the ones listed above.	Medium

Exemples observés

Références	Description
CVE-2017-18347	Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.
CVE-2020-1791	There is an improper authorization vulnerability in several smartphones. The system has a logic-judging error, and, under certain scenarios, a successful exploit could allow the attacker to switch to third desktop after a series of operations in ADB mode. (Vulnerability ID: HWPSIRT-2019-10114).

Mesures d’atténuation potentielles

Phases : Implementation
Ensure that debug components are properly chained and their granularity is maintained at different authentication levels.

Méthodes de détection

Architecture or Design Review

Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials.
Efficacité : High

Dynamic Analysis with Manual Results Interpretation

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Modèles d'attaque associés

CAPEC-ID	Nom du modèle d'attaque
CAPEC-121	Exploit Non-Production Interfaces An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.
CAPEC-702	Exploiting Incorrect Chaining or Granularity of Hardware Debug Components An adversary exploits incorrect chaining or granularity of hardware debug components in order to gain unauthorized access to debug functionality on a chip. This happens when authorization is not checked on a per function basis and is assumed for a chain or group of debug functionality.

NotesNotes

This entry is still under development and will continue to see updates and content improvements.

Soumission

Nom	Organisation	Date	Date de publication	Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna	Intel Corporation	2020-05-31 +00:00	2020-08-20 +00:00	4.2

Modifications

Nom	Organisation	Date	Commentaire
CWE Content Team	MITRE	2021-07-20 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2022-04-28 +00:00	updated Applicable_Platforms, Related_Attack_Patterns
CWE Content Team	MITRE	2022-06-28 +00:00	updated Applicable_Platforms
CWE Content Team	MITRE	2023-01-31 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2023-04-27 +00:00	updated Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes

Détail du CWE-1296