CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.
Common Consequences
Scope: Confidentiality, Integrity, Availability, Access Control
Technical Impact: Modify Memory; Read Memory; DoS: Resource Consumption (Other); Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; Alter Execution Logic; Bypass Protection Mechanism; Quality Degradation
Potential Mitigations
Phase: Requirements
Description: Protect assets from accesses against all potential interfaces and alternate paths.
Effectiveness: Defense in Depth
Phase: Architecture and Design
Description: Protect assets from accesses against all potential interfaces and alternate paths.
Effectiveness: Defense in Depth
Phase: Implementation
Description: Protect assets from accesses against all potential interfaces and alternate paths.
Effectiveness: Defense in Depth
Observed Examples
Reference: CVE-2022-38399
Missing protection mechanism on serial connection allows for arbitrary OS command execution.
Reference: CVE-2020-9285
Mini-PCI Express slot does not restrict direct memory access.
Reference: CVE-2020-8004
When the internal flash is protected by blocking access on the Data Bus (DBUS), it can still be indirectly accessed through the Instruction Bus (IBUS).
Reference: CVE-2017-18293
When GPIO is protected by blocking access to corresponding GPIO resource registers, protection can be bypassed by writing to the corresponding banked GPIO registers instead.
Reference: CVE-2020-15483
Monitor device allows access to physical UART debug port without authentication.
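The pattern behind this weakness, an access check keyed to the primary register address while a shadow or banked alias reaches the same storage, modelled in C next to a check keyed to the asset itself. This is an added example, not part of the CWE entry or any vendor's code; the register addresses and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical register map: one GPIO output latch reachable at two addresses. */
#define GPIO_OUT        0x40u  /* primary path, covered by the access filter */
#define GPIO_OUT_BANKED 0x80u  /* banked alias of the same latch */
#define SCRATCH         0x44u  /* unrelated register with no access restriction */

enum asset { ASSET_NONE, ASSET_GPIO_OUT, ASSET_SCRATCH };

uint32_t gpio_latch, scratch;  /* backing storage of the modelled device */

/* Resolve an address to the asset it reaches, aliases included. */
static enum asset decode(uint32_t addr) {
    switch (addr) {
    case GPIO_OUT:
    case GPIO_OUT_BANKED: return ASSET_GPIO_OUT;
    case SCRATCH:         return ASSET_SCRATCH;
    default:              return ASSET_NONE;
    }
}

/* Perform the write on whatever storage the address maps to. */
static bool commit(uint32_t addr, uint32_t val) {
    switch (decode(addr)) {
    case ASSET_GPIO_OUT: gpio_latch = val; return true;
    case ASSET_SCRATCH:  scratch = val;    return true;
    default:             return false;
    }
}

/* Weak filter: the policy names only the primary address, so the alias is unchecked. */
bool write_weak(uint32_t addr, uint32_t val, bool privileged) {
    if (addr == GPIO_OUT && !privileged)
        return false;
    return commit(addr, val);
}

/* Hardened filter: the policy names the asset, so every path to it is checked. */
bool write_hardened(uint32_t addr, uint32_t val, bool privileged) {
    if (decode(addr) == ASSET_GPIO_OUT && !privileged)
        return false;
    return commit(addr, val);
}

uint32_t read_gpio_latch(void) { return gpio_latch; }
void reset_regs(void) { gpio_latch = 0; scratch = 0; }
```

A design review can apply the same idea by listing every address, bus and port that decodes to a protected asset and confirming the access policy is evaluated on each of them.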
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |