CWE-1253Incorrect Selection of Fuse Values

PUBLISHEDweakness record
released 2020-02-24 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1253
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2020-02-24
更新日期:
2025-12-11

名称

Incorrect Selection of Fuse Values

描述

The logic level used to set a system to a secure state relies on a fuse being unblown.

Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0.

常见后果

范围:
Access Control, Authorization
影响:
Bypass Protection Mechanism, Gain Privileges or Assume Identity
注释:
If the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state.
范围:
Availability
影响:
DoS: Crash, Exit, or Restart
范围:
Confidentiality
影响:
Read Memory
范围:
Integrity
影响:
Modify Memory, Execute Unauthorized Code or Commands

相关 CWE