CWE-1317: Improper Access Control in Fabric Bridge
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product uses a fabric bridge for transactions between two Intellectual Property (IP) blocks, but the bridge does not properly perform the expected privilege, identity, or other access control checks between those IP blocks.
Common Consequences
Scope: Confidentiality, Integrity, Access Control, Availability
Technical Impact: DoS: Crash, Exit, or Restart; Bypass Protection Mechanism; Read Memory; Modify Memory
Potential Mitigations
Phase: Architecture and Design
Description: Ensure that the design includes provisions for access-control checks in the bridge for both upstream and downstream transactions.
Phase: Implementation
Description: Implement access-control checks in the bridge for both upstream and downstream transactions.
Detection Methods
Method: Simulation / Emulation
RTL simulation to ensure that bridge-access controls are implemented properly.
Effectiveness: High
Method: Formal Verification
Formal verification of bridge RTL to ensure that access control cannot be bypassed.
Effectiveness: High
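The bridge checks named under Potential Mitigations and the simulation sweep named under Detection Methods, as an added behavioral model in C that is not part of the CWE entry. The transaction fields, initiator IDs, address windows and policy table are constructed assumptions, not any real bridge's interface.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical attributes a transaction carries across the bridge. */
typedef enum { DIR_DOWNSTREAM, DIR_UPSTREAM } dir_t;
typedef struct { dir_t dir; uint8_t initiator; bool privileged, write; uint32_t addr; } txn_t;
/* Policy row: direction, initiator ID, privilege needed, writes allowed, inclusive window. */
typedef struct { dir_t dir; uint8_t initiator; bool need_priv, allow_write; uint32_t base, limit; } rule_t;
typedef bool (*bridge_fn)(const txn_t *);

static const rule_t POLICY[] = { /* constructed policy for illustration */
    { DIR_DOWNSTREAM, 0, true,  true,  0x1000, 0x1FFF }, /* CPU -> config registers */
    { DIR_DOWNSTREAM, 1, false, false, 0x2000, 0x2FFF }, /* DMA -> status, read-only */
    { DIR_UPSTREAM,   2, false, true,  0x8000, 0x8FFF }, /* peripheral -> shared buffer */
};

/* Weak bridge: forwards every transaction without looking at its attributes. */
bool bridge_weak(const txn_t *t) { (void)t; return true; }

/* Checked bridge: default deny; direction, identity, privilege and range must all match. */
bool bridge_checked(const txn_t *t) {
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        const rule_t *r = &POLICY[i];
        if (r->dir == t->dir && r->initiator == t->initiator &&
            t->addr >= r->base && t->addr <= r->limit &&
            (!r->need_priv || t->privileged) && (!t->write || r->allow_write))
            return true;
    }
    return false;
}

/* Simulation-style sweep over both directions, four initiators, and window edges. */
unsigned sweep_forwarded(bridge_fn bridge) {
    static const uint32_t addrs[] = { 0x0FFF, 0x1000, 0x1FFF, 0x2000, 0x2FFF,
                                      0x3000, 0x8000, 0x8FFF, 0x9000 };
    unsigned n = 0;
    for (int d = 0; d < 2; d++)
        for (uint8_t id = 0; id < 4; id++)
            for (int p = 0; p < 2; p++)
                for (int w = 0; w < 2; w++)
                    for (size_t a = 0; a < sizeof addrs / sizeof addrs[0]; a++) {
                        txn_t t = { (dir_t)d, id, p != 0, w != 0, addrs[a] };
                        n += bridge(&t);
                    }
    return n;
}

int main(void) { printf("weak=%u checked=%u\n", sweep_forwarded(bridge_weak), sweep_forwarded(bridge_checked)); return 0; }
```

The gap between the two forwarded counts is the set of transactions a simulation testbench should expect the bridge to reject, in both the upstream and the downstream direction.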
Observed Examples
Reference: CVE-2019-6260
Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |