CWE-1283: Mutable Attestation or Measurement Reporting Data

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.

常见后果

影响范围: Confidentiality

技术影响: Read Memory Read Application Data

潜在缓解措施

阶段: Architecture and Design

引入模式

阶段	说明
Architecture and Design	Such issues can be introduced during hardware architecture or design and can be identified later during Testing or System Configuration phases.
Implementation	If the access-controls which protecting the reporting registers are misconfigured during implementation, this weakness can arise.

适用平台

编程语言

Not Language-Specific (Undetermined)

操作系统

Not OS-Specific (Undetermined)

技术

Not Technology-Specific (Undetermined)

关键信息

CWE ID: CWE-1283

抽象级别: Base

结构: Simple

状态: Incomplete

CWE-1283: Mutable Attestation or Measurement Reporting Data

弱点描述

常见后果

潜在缓解措施

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

相关攻击模式

CWE-1283: Mutable Attestation or Measurement Reporting Data

弱点描述

常见后果

潜在缓解措施

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

ChildOf CWE-284

相关攻击模式