CWE-1244 - Internal Asset Exposed to Unsafe Debug Access Level or State

  • 摘要:Base
  • 结构:Simple
  • 状态:Stable
  • 发布日期:2020-02-24
  • 更新日期:2025-12-11

名称

Internal Asset Exposed to Unsafe Debug Access Level or State

描述

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

Debug authorization can have multiple levels of access, defined such that different system internal assets are accessible based on the current authorized debug level. Other than debugger authentication (e.g., using passwords or challenges), the authorization can also be based on the system state or boot stage. For example, full system debug access might only be allowed early in boot after a system reset to ensure that previous session data is not accessible to the authenticated debugger.

常见后果

范围:Confidentiality

影响:Read Memory

注释:If a protection mechanism does not ensure that internal assets have the correct debug access level during each boot stage or change in system state, an attacker could obtain sensitive information from the internal asset using a debugger.

范围:Integrity

影响:Modify Memory

范围:Authorization, Access Control

影响:Gain Privileges or Assume Identity, Bypass Protection Mechanism

相关 CWE