CWE-1191: On-Chip Debug and Test Interface With Improper Access Control
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.
Common Consequences
Scope: Confidentiality
Technical Impact: Read Application Data
Scope: Confidentiality
Technical Impact: Read Memory
Scope: Authorization
Technical Impact: Execute Unauthorized Code or Commands
Scope: Integrity
Technical Impact: Modify Memory
Scope: Integrity
Technical Impact: Modify Application Data
Scope: Access Control
Technical Impact: Bypass Protection Mechanism
Potential Mitigations
Phase: Architecture and Design
Strategy: Separation of Privilege
Description: If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, should be cleared when entering debug mode.
Effectiveness: High
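The mitigation above asks for two things: an unlock check that is resistant to timing attacks, and clearing of sensitive registers on entry to debug mode. The following added example (not part of the CWE entry) models both in C; the struct, function names and 16-byte token length are assumptions made for illustration, not a real chip interface.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TOKEN_LEN 16 /* assumed token size for this model */

/* Hypothetical software model of a debug-port gate (names are illustrative). */
struct dbg_gate {
    uint8_t expected[TOKEN_LEN]; /* provisioned unlock token */
    uint8_t key_reg[16];         /* security-sensitive register contents */
    int unlocked;
};

/* Constant-time compare: visits every byte, no data-dependent early exit. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Zeroize through a volatile pointer so the stores cannot be elided. */
static void wipe(uint8_t *p, size_t n)
{
    volatile uint8_t *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 when debug access is granted. Key registers are cleared before
 * the gate opens, so even an authorized debug session cannot read them. */
int dbg_unlock(struct dbg_gate *g, const uint8_t *token, size_t len)
{
    g->unlocked = 0;
    if (len != TOKEN_LEN || !ct_equal(g->expected, token, TOKEN_LEN))
        return 0;
    wipe(g->key_reg, sizeof g->key_reg);
    g->unlocked = 1;
    return 1;
}

/* Register read over the debug port: refused (-1) while the gate is locked. */
int dbg_read_key(const struct dbg_gate *g, uint8_t *out)
{
    if (!g->unlocked)
        return -1;
    memcpy(out, g->key_reg, sizeof g->key_reg);
    return 0;
}
```

In hardware the same properties belong in the debug controller itself: the comparator should evaluate the whole token before asserting a result, and the key-clear should be sequenced ahead of the unlock signal.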
Detection Methods
Method: Dynamic Analysis with Manual Results Interpretation
Method: Dynamic Analysis with Manual Results Interpretation
Method: Fuzzing
Tests that fuzz Debug and Test Interfaces should ensure that no access without appropriate authentication and authorization is possible.
Effectiveness: Moderate
Observed Examples
Reference: CVE-2019-18827
chain: JTAG interface is not disabled (CWE-1191) during ROM code execution, introducing a race condition (CWE-362) to extract encryption keys
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |