CWE-1328: Security Version Number Mutable to Older Versions

Base Draft Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

常见后果

影响范围: Confidentiality Integrity Authentication Authorization

技术影响: Other

说明: Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS (prevent upgrades).

潜在缓解措施

阶段: Architecture and Design

描述: When architecting the system, security version data should be designated for storage in registers that are either read-only or have access controls that prevent modification by an untrusted agent.

阶段: Implementation

描述: During implementation and test, security version data should be demonstrated to be read-only and access controls should be validated.

检测方法

方法: Automated Dynamic Analysis

Mutability of stored security version numbers and programming with older firmware images should be part of automated testing.

有效性: High

方法: Architecture or Design Review

Anti-roll-back features should be reviewed as part of Architecture or Design review.

有效性: High

引入模式

阶段	说明
Architecture and Design	-
Implementation	Such issues could be introduced during hardware architecture and design, and can be identified later during testing or system configuration phases.

适用平台

编程语言

Not Language-Specific (Undetermined)

操作系统

Not OS-Specific (Undetermined)

技术

Security Hardware (Undetermined) Not Technology-Specific (Undetermined)

关键信息

CWE ID: CWE-1328

抽象级别: Base

结构: Simple

状态: Draft

CWE-1328: Security Version Number Mutable to Older Versions

弱点描述

常见后果

潜在缓解措施

检测方法

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

相关攻击模式

CWE-1328: Security Version Number Mutable to Older Versions

弱点描述

常见后果

潜在缓解措施

检测方法

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

ChildOf CWE-285

PeerOf CWE-757

相关攻击模式