CWE-1247Improper Protection Against Voltage and Clock Glitches

PUBLISHEDweakness record
released 2020-02-24 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1247
摘要:
Base
结构:
Simple
状态:
Stable
发布日期:
2020-02-24
更新日期:
2025-12-11

名称

Improper Protection Against Voltage and Clock Glitches

描述

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.

A device might support features such as secure boot which are supplemented with hardware and firmware support. This involves establishing a chain of trust, starting with an immutable root of trust by checking the signature of the next stage (culminating with the OS and runtime software) against a golden value before transferring control. The intermediate stages typically set up the system in a secure state by configuring several access control settings. Similarly, security logic for exercising a debug or testing interface may be implemented in hardware, firmware, or both. A device needs to guard against fault attacks such as voltage glitches and clock glitches that an attacker may employ in an attempt to compromise the system.

常见后果

范围:
Confidentiality, Integrity, Availability, Access Control
影响:
Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Memory, Modify Memory, Execute Unauthorized Code or Commands

相关 CWE