CWE-1268: Policy Privileges are not Assigned Consistently Between Control and Data Agents


CWE Version: 4.18

Last Updated: 2025-09-09

Weakness Description

The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.

Common Consequences

Scope: Confidentiality, Integrity, Availability, Access Control

Technical Impact: Modify Memory; Read Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; Bypass Protection Mechanism; Read Files or Directories; Reduce Reliability

Potential Mitigations

Phase: Architecture and Design; Implementation

Description: Access-control-policy definition and programming flow must be sufficiently tested in pre-silicon and post-silicon testing.

Modes of Introduction

Phase: Architecture and Design
Note: This weakness may be introduced during the design of a device when the architect does not comprehensively specify all of the policies required by an agent.

Phase: Implementation
Note: This weakness may be introduced during implementation if device policy restrictions do not sufficiently constrain less-privileged clients.

Applicable Platforms

Programming Languages: Not Language-Specific (Undetermined)

Operating Systems: Not OS-Specific (Undetermined)

Technologies: Not Technology-Specific (Undetermined)

Key Information

CWE ID: CWE-1268

Abstraction: Base

Structure: Simple

Status: Draft

Related Weaknesses

Related Attack Patterns

CAPEC-180