CWE-1315: Improper Setting of Bus Controlling Capability in Fabric End-point

ID CWE-1315

Abstraction Base

Structure Simple

Status Incomplete

The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.

To support reusability, certain fabric interfaces and end points provide a configurable register bit that allows IP blocks connected to the controller to access other peripherals connected to the fabric. This allows the end point to be used with devices that function as a controller or responder. If this bit is set by default in hardware, or if firmware incorrectly sets it later, a device intended to be a responder on a fabric is now capable of controlling transactions to other devices and might compromise system security.

Modes of Introduction

Phase	Note
Architecture and Design
Implementation
System Configuration

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific
Operating_system	Not OS-Specific
Architecture	Not Architecture-Specific
Technology	Not Technology-Specific

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-284	Improper Access Control	Pillar	Simple	Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-1	Accessing Functionality Not Properly Constrained by ACLs	CWE-1315
CAPEC-180	Exploiting Incorrectly Configured Access Control Security Levels	CWE-1315