1. Home
  2. Weaknesses
  3. CWE-1299

CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface

ID CWE-1299
Abstraction Base
Structure Simple
Status Draft
Number of CVEs 5
Detail CAPEC Dashboard Vulnerabilities Web & Social
The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.

An asset inside a chip might have access-control protections through one interface. However, if all paths to the asset are not protected, an attacker might compromise the asset through alternate paths. These alternate paths could be through shadow or mirror registers inside the IP core, or could be paths from other external-facing interfaces to the IP core or SoC.

Consider an SoC with various interfaces such as UART, SMBUS, PCIe, USB, etc. If access control is implemented for SoC internal registers only over the PCIe interface, then an attacker could still modify the SoC internal registers through alternate paths by coming through interfaces such as UART, SMBUS, USB, etc.

Alternatively, attackers might be able to bypass existing protections by exploiting unprotected, shadow registers. Shadow registers and mirror registers typically refer to registers that can be accessed from multiple addresses. Writing to or reading from the aliased/mirrored address has the same effect as writing to the address of the main register. They are typically implemented within an IP core or SoC to temporarily hold certain data. These data will later be updated to the main register, and both registers will be in synch. If the shadow registers are not access-protected, attackers could simply initiate transactions to the shadow registers and compromise system security.

Modes of Introduction

Phase Note
Architecture and Design
Implementation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific
Operating_system Not OS-Specific
Architecture Not Architecture-Specific
Technology Microcontroller Hardware
Technology Processor Hardware
Technology Bus/Interface Hardware
Technology Not Technology-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1194 Hardware Design Draft CWE-1191 On-Chip Debug and Test Interface With Improper Access Control Base Simple Stable
CWE-1000 Research Concepts Draft CWE-420 Unprotected Alternate Channel Base Simple Draft
CWE-1000 Research Concepts Draft CWE-288 Authentication Bypass Using an Alternate Path or Channel Base Simple Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-457 USB Memory Attacks CWE-1299
CAPEC-554 Functionality Bypass CWE-1299

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date