This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Daily Archives: May 27, 2022
ZDI-22-803: Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-804: KeySight N6841A RF Sensor Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability.
ZDI-22-805: KeySight N6841A RF Sensor UserFirmwareRequestHandler Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability.
Ransomware Roundup – 2022/05/26
FortiGuard Labs became aware of a number of new Ransomware strains for the week of May 23rd, 2022. It is imperative to raise awareness about new ransomware as infections can cause severe damage to the affected machines and organizations. This Threat Signal covers Yashma ransomware, GoodWill ransomware and Horsemagyar ransomware along with Fortinet protections against them.What is Yashma Ransomware?Yashma ransomware is a new and is generated through Yashma ransomware builder. It is claimed as the sixth version of Chaos ransomware builder. Reportedly, compared to the fifth version, Yashma ransomware builder now supports the “forbidden country” option which attackers can choose not to run the generated ransomware based on the victim’s location. The new builder also enables the ransomware to stop a wide variety of services running on the compromised machine such as anti-malware solutions, and Remote Desktop and Backup services. Additionally, it is important to note that from the fifth version of Chaos ransomware builder, the crafted ransomware can successfully encrypt files larger than 2,117,152 bytes and no longer corrupts them.A known sample of Yashma ransomware has the following ransom note:All of your files have been encrypted with Yashma ransomwareYour computer was infected with a ransomware. Your files have been encrypted and you won’tbe able to decrypt them without our help.What can I do to get my files back?You can buy our specialdecryption software, this software will allow you to recover all of your data and remove theransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only.How do I pay, where do I get Bitcoin?Purchasing Bitcoin varies from country to country, you are best advised to do a quick google searchyourself to find out how to buy Bitcoin.Many of our customers have reported these sites to be fast and reliable:Coinmama – hxxps://www[.]coinmama[.]com Bitpanda – hxxps://www[.]bitpanda[.]comPayment informationAmount: 0.1473766 BTCBitcoin Address: [removed] At the time of this writing, the attacker’s bitcoin wallet has no transactions.FortiGuard Labs previously released several blogs on Chaos ransomware. See the Appendix for links to “Chaos Ransomware Variant Sides with Russia” and “Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers”.What is the Status of Coverage for Yashma ransomware?FortiGuard Labs provides the following AV coverage against a known sample of Yashma ransomware:MSIL/Filecoder.APU!tr.ransomWhat is GoodWill Ransomware?GoodWill ransomware was recently discovered, however it appears to have been first observed in March 2022. The ransomware encrypts files on the compromised machine and adds a “.gdwill” file extension to the affected files.Unlike other ransomware that demands ransom to recover the encrypted files, GoodWill asks the victim to do three good deeds. Firstly, the victim must provide clothes and blankets to needy people on the street. Secondly, the victim must feed dinner to five children at a pizza or fried chicken joint. Lastly, the victim must visit a local hospital and provide financial assistance to those in need. After finishing each deed, proof must be provided to the attacker, and a decryption tool and video instruction will be provided to the victim after completing all the deeds.What is the Status of Coverage for GoodWill ransomware?FortiGuard Labs provides the following AV coverage against GoodWill ransomware:MSIL/Filecoder.AGR!tr.ransomWhat is Horsemagyar Ransomware?Horsemagyar ransomware is a new variant of Sojusz ransomware that was recently discovered. It encrypts files on the compromised machine and adds “.[10 digit ID number].spanielearslook.likeoldboobs” file extension to the encrypted files. The ransomware leaves a ransom note as Horse.txt. The first sighting of Sojusz ransomware goes back to February, 2022 and it added a “.[10 digit ID number].[attacker’s email address].bec” extension to the files it encrypted.Example of ransom note left behind by Horsemagyar ransomware is below:::: Hello my dear friend :::Unfortunately for you, a major IT security weakness left you open to attack, your files have been encryptedIf you want to restore them,write to our skype – [removed] DECRYPTIONAlso you can write ICQ live chat which works 24/7 @[removed]Install ICQ software on your PC https://icq[.]com/windows/ or on your mobile phone search in Appstore / Google market ICQWrite to our ICQ @HORSEMAGYAR https://icq[.]im/[removed]If we not reply in 6 hours you can write to our mail but use it only if previous methods not working – [removed]@onionmail.orgAttention!* Do not rename encrypted files.* Do not try to decrypt your data using third party software, it may cause permanent data loss.* We are always ready to cooperate and find the best way to solve your problem.* The faster you write, the more favorable the conditions will be for you.* Our company values its reputation. We give all guarantees of your files decryption,such as test decryption some of themWe respect your time and waiting for respond from your sidetell your MachineID: MAHINE_ID and LaunchID: LAUNCH__IDSensitive data on your system was DOWNLOADED.If you DON’T WANT your sensitive data to be PUBLISHED you have to act quickly.Data includes:- Employees personal data, CVs, DL, SSN.- Complete network map including credentials for local and remote services.- Private financial information including: clients data, bills, budgets, annual reports, bank statements.- Manufacturing documents including: datagrams, schemas, drawings in solidworks format- And more…What is the Status of Coverage against Horsemagyar Ransomware?FortiGuard Labs provides the following AV coverage against Horsemagyar ransomware:W32/Filecoder.NSF!tr.ransomAnything Else to Note?Victims of ransomware are cautioned against paying ransoms by such organizations as CISA, NCSC, the FBI, and HHS. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities which could potentially be illegal according to a U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) advisory.
CWE
CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used as a framework to describe and communicate such vulnerabilities in terms of CWEs.
The goal is to support all those methods (including automatic ones) to control and prevent software errors. It can be used at the development stage, during the Code Review activity, and later on during the penetration test activity to classify and communicate the vulnerability type to developers. The system is at version 4.7 and contains over 600 categories of weaknesses and vulnerabilities
The CWE Top 25 Most Dangerous Software Weakness List is a list of the most common programming errors that can lead to software vulnerabilities. Vulnerabilities present in the CWE Top 25 are usually easy to detect and exploit. For example, the CWE-79 is related to Cross-Site Scripting while the CWE-89 to SQL Injection. A similar project is Top Ten Owasp (Open Web Application Security Project). Compared to the CWE Top 25, the Top Ten OWASP focuses solely on vulnerabilities of web applications.
The CWE Most Important Hardware Weakness List serves the same purpose, but it focuses on hardware defects.
Please check our post about Vulnerability Analysis to learn more about CWE usage.
Please find a list of all the CWE below or use the search box above to find a specific CWE.
-
CWE-1302 – Missing Security Identifier
Description The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-1294 Consequences Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, DoS:…
-
CWE-1303 – Non-Transparent Sharing of Microarchitectural Resources
Description Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-1189 CWE-203 Consequences Confidentiality: Read Application Data, Read Memory Microarchitectural side-channels have been used to leak specific information such as cryptographic keys, and…
-
CWE-1269 – Product Released in Non-Release Configuration
Description The product released to market is released in pre-production or manufacturing configuration. Modes of Introduction: – Implementation Related Weaknesses CWE-693 Consequences Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Other Potential Mitigations Phase: Implementation Description: Ensure that there exists a marker for denoting the Manufacturing Complete stage and that…
-
CWE-127 – Buffer Under-read
Description The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer. This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid…
-
CWE-1270 – Generation of Incorrect Security Tokens
Description The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 CWE-1294 Consequences Confidentiality, Integrity, Availability, Access Control: Modify Files…
-
CWE-1271 – Uninitialized Value on Reset for Registers Holding Security Settings
Description Security-critical logic is not set to a known value on reset. Modes of Introduction: – Implementation Related Weaknesses CWE-665 Consequences Access Control, Authentication, Authorization: Varies by Context Potential Mitigations Phase: Implementation Description: Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions. Phase: Architecture and Design…
-
CWE-1272 – Sensitive Information Uncleared Before Debug/Power State Transition
Description The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-226 CWE-200 Consequences Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Read…
-
CWE-1273 – Device Unlock Credential Sharing
Description The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information. Modes of Introduction: – Integration Related Weaknesses CWE-200 Consequences Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Modify Memory, Read Memory, Modify Files or Directories, Read Files or Directories, Modify Application Data, Execute…
-
CWE-1274 – Improper Access Control for Volatile Memory Containing Boot Code
Description The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Access Control, Integrity: Modify Memory, Execute Unauthorized…
-
CWE-1276 – Hardware Child Block Incorrectly Connected to Parent System
Description Signals between a hardware IP and the parent system design are incorrectly connected causing security risks. Modes of Introduction: – Implementation Related Weaknesses CWE-284 Consequences Confidentiality, Integrity, Availability: Varies by Context Potential Mitigations Phase: Testing Description: System-level verification may be used to ensure that components are correctly connected and that…
-
CWE-1277 – Firmware Not Updateable
Description The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present. Without the ability to patch or update firmware, consumers will be left vulnerable to exploitation of any known vulnerabilities, or any vulnerabilities that are discovered in the future.…
-
CWE-1278 – Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
Description Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-693 Consequences Confidentiality: Varies by Context A common goal of malicious actors who…
-
CWE-1279 – Cryptographic Operations are run Before Supporting Units are Ready
Description Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result. Many cryptographic hardware units depend upon other hardware units to supply information to them to produce a securely encrypted result. For example, a cryptographic unit that depends on an external random-number-generator (RNG) unit for…
-
CWE-128 – Wrap-around Error
Description Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore “wraps around” to a very small, negative, or undefined value. Due to how addition is performed by computers, if a primitive is incremented past the maximum value possible for its storage space, the system will not…
-
CWE-1280 – Access Control Check Implemented After Asset is Accessed
Description A product’s hardware-based access control check occurs after the asset has been accessed. Modes of Introduction: – Implementation Related Weaknesses CWE-696 CWE-284 Consequences Access Control, Confidentiality, Integrity: Modify Memory, Read Memory, Modify Application Data, Read Application Data, Gain Privileges or Assume Identity, Bypass Protection Mechanism Potential Mitigations Phase: Implementation Description: …
-
CWE-1281 – Sequence of Processor Instructions Leads to Unexpected Behavior
Description Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-691 Consequences Integrity, Availability: Varies by Context Potential Mitigations Phase: Testing Description: Implement a rigorous testing strategy that incorporates randomization to explore…
-
CWE-1282 – Assumed-Immutable Data is Stored in Writable Memory
Description Immutable data, such as a first-stage bootloader, device identifiers, and “write-once” configuration settings are stored in writable memory that can be re-programmed or updated in the field. Modes of Introduction: – Implementation Related Weaknesses CWE-668 CWE-471 Consequences Integrity: Varies by Context Potential Mitigations Phase: Implementation Description: All immutable code or…
-
CWE-1283 – Mutable Attestation or Measurement Reporting Data
Description The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Confidentiality: Read Memory, Read Application Data Potential Mitigations Phase: Architecture and Design Description: CVE References
-
CWE-1284 – Improper Validation of Specified Quantity in Input
Description The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. Modes of Introduction: – Implementation Related Weaknesses CWE-20 Consequences Other: Varies by Context Since quantities are used so often to…
-
CWE-1285 – Improper Validation of Specified Index, Position, or Offset in Input
Description The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. Modes of Introduction: – Implementation Related Weaknesses CWE-20 Consequences Other: Varies…
-
CWE-1286 – Improper Validation of Syntactic Correctness of Input
Description The product receives input that is expected to be well-formed – i.e., to comply with a certain syntax – but it does not validate or incorrectly validates that the input complies with the syntax. Modes of Introduction: – Implementation Related Weaknesses CWE-20 Consequences Other: Varies by Context Potential Mitigations Phase:…
-
CWE-1250 – Improper Preservation of Consistency Between Independent Representations of Shared State
Description The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data – such as state or cache – but the product does not ensure that all local copies remain consistent with each other. Modes of Introduction: Related Weaknesses CWE-664 …
-
CWE-1251 – Mirrored Regions with Different Values
Description The product’s architecture mirrors regions without ensuring that their contents always stay in sync. Modes of Introduction: Related Weaknesses CWE-1250 Consequences Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Varies by Context Potential Mitigations Phase: Architecture and Design Effectiveness: Moderate Description: CVE References
-
CWE-1252 – CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
Description The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Confidentiality, Integrity: Execute Unauthorized Code or Commands Potential Mitigations Phase:…
-
CWE-1253 – Incorrect Selection of Fuse Values
Description The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-693 Consequences Access Control, Authorization: Bypass Protection Mechanism, Gain…
-
CWE-1254 – Incorrect Comparison Logic Granularity
Description The product’s comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes. Modes…
-
CWE-1255 – Comparison Logic is Vulnerable to Power Side-Channel Attacks
Description A device’s real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-1300 CWE-1259 Consequences Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation: Modify Memory,…
-
CWE-1256 – Improper Restriction of Software Interfaces to Hardware Features
Description The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-285 Consequences…
-
CWE-1257 – Improper Access Control Applied to Mirrored or Aliased Memory Regions
Description Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region. Modes of Introduction: – Architecture and Design Related Weaknesses…
-
CWE-1258 – Exposure of Sensitive System Information Due to Uncleared Debug Information
Description The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-212 CWE-200 Consequences Confidentiality: Read Memory Access Control: Bypass Protection Mechanism Potential Mitigations Phase: Architecture and Design Description: CVE…
-
CWE-1259 – Improper Restriction of Security Token Assignment
Description The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected. Systems-On-A-Chip (Integrated circuits and hardware engines) implement Security Tokens to differentiate and identify which actions originated from which agent. These actions may be one…
-
CWE-126 – Buffer Over-read
Description The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the…
-
CWE-1260 – Improper Handling of Overlap Between Protected Memory Ranges
Description The product allows address regions to overlap, which can result in the bypassing of intended memory protection. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 CWE-119 Consequences Confidentiality, Integrity, Availability: Modify Memory, Read Memory, DoS: Instability Potential Mitigations Phase: Architecture and Design Description: Phase: Implementation Effectiveness: High Description: …
-
CWE-1261 – Improper Handling of Single Event Upsets
Description The hardware logic does not effectively handle when single-event upsets (SEUs) occur. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-1384 CWE-1254 Consequences Availability, Access Control: DoS: Crash, Exit, or Restart, DoS: Instability, Gain Privileges or Assume Identity, Bypass Protection Mechanism Potential Mitigations Phase: Architecture and Design Description: Phase:…
-
CWE-1262 – Improper Access Control for Register Interface
Description The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Confidentiality, Integrity: Read Memory, Read Application Data, Modify Memory, Modify Application Data, Gain Privileges or…
-
CWE-1263 – Improper Physical Access Control
Description The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas. Sections of a product intended to have restricted access may be inadvertently or intentionally rendered accessible when the implemented physical protections are insufficient. The specific requirements around how…
-
CWE-1264 – Hardware Logic with Insecure De-Synchronization between Control and Data Channels
Description The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-821 CWE-1037 Consequences Confidentiality: Read Memory, Read Application Data Potential Mitigations Phase: Architecture and Design Description: CVE References CVE-2017-5754 Systems with microprocessors…
-
CWE-1265 – Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
Description During execution of non-reentrant code, the software performs a call that unintentionally produces a nested invocation of the non-reentrant code. In complex software, a single function call may lead to many different possible code paths, some of which may involve deeply nested calls. It may be difficult to foresee all possible code paths that…
-
CWE-1266 – Improper Scrubbing of Sensitive Data from Decommissioned Device
Description The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A scrubbing capability could be missing, insufficient, or incorrect. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-404 Consequences Confidentiality: Read Memory Potential Mitigations Phase: Architecture…
-
CWE-1267 – Policy Uses Obsolete Encoding
Description The product uses an obsolete encoding mechanism to implement access controls. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, Modify Files or Directories, Read Files or Directories, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or…
-
CWE-1268 – Policy Privileges are not Assigned Consistently Between Control and Data Agents
Description The product’s hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Gain Privileges…
-
CWE-1231 – Improper Prevention of Lock Bit Modification
Description The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Access Control: Modify…
-
CWE-1232 – Improper Lock Behavior After Power State Transition
Description Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable. Modes of Introduction: – Architecture and Design Related…
-
CWE-1233 – Security-Sensitive Hardware Controls with Missing Lock Bit Protection
Description The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 CWE-667 Consequences Access Control: Modify Memory System Configuration…
-
CWE-1234 – Hardware Internal or Debug Modes Allow Override of Locks
Description System configuration protection may be bypassed during debug mode. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-667 Consequences Access Control: Bypass Protection Mechanism Bypass of lock bit allows access and modification of system configuration even when the lock bit is set. Potential Mitigations Phase: Architecture and Design, Implementation,…
-
CWE-1235 – Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations
Description The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations. Modes of Introduction: – Implementation Related Weaknesses CWE-400 Consequences Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other), Reduce Performance Incorrect autoboxing/unboxing would result in reduced performance, which sometimes can lead to resource consumption issues.…
-
CWE-1236 – Improper Neutralization of Formula Elements in a CSV File
Description The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. User-provided data is often saved to traditional databases. This data can be exported to a CSV file, which…
-
CWE-1239 – Improper Zeroization of Hardware Register
Description The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes. Hardware logic operates on data stored in registers local to the hardware block. Most hardware IPs, including cryptographic accelerators, rely on registers to buffer I/O, store intermediate values, and interface with software. The result…
-
CWE-124 – Buffer Underwrite (‘Buffer Underflow’)
Description The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory…
-
CWE-1240 – Use of a Cryptographic Primitive with a Risky Implementation
Description To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-327 Consequences Confidentiality: Read Application Data Incorrect usage of crypto primitives could render the supposedly encrypted data as unencrypted plaintext…
-
CWE-1241 – Use of Predictable Algorithm in Random Number Generator
Description The device uses an algorithm that is predictable and generates a pseudo-random number. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-330 Consequences Confidentiality: Read Application Data Potential Mitigations Phase: Architecture and Design Description: A true random number generator should be specified for cryptographic algorithms. Phase: Implementation Description: A…
-
CWE-1242 – Inclusion of Undocumented Features or Chicken Bits
Description The device includes chicken bits or undocumented features that can create entry points for unauthorized actors. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism Potential…
-
CWE-1243 – Sensitive Non-Volatile Information Not Protected During Debug
Description Access to security-sensitive information stored in fuses is not limited during debug. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-1263 Consequences Confidentiality, Access Control: Modify Memory, Bypass Protection Mechanism Potential Mitigations Phase: Architecture and Design, Implementation Description: CVE References
-
CWE-1244 – Internal Asset Exposed to Unsafe Debug Access Level or State
Description The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-863 Consequences Confidentiality: Read Memory Integrity:…
-
CWE-1245 – Improper Finite State Machines (FSMs) in Hardware Logic
Description Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim’s system. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-684 Consequences Availability, Access Control: Unexpected State, DoS:…
-
CWE-1246 – Improper Write Handling in Limited-write Non-Volatile Memories
Description The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-664 Consequences Availability: DoS: Instability Potential Mitigations Phase: Architecture and Design, Implementation, Testing Effectiveness: High Description: Include secure wear leveling algorithms and ensure they may not…
-
CWE-1247 – Improper Protection Against Voltage and Clock Glitches
Description The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device. Modes of Introduction: – Operation Related Weaknesses CWE-1384 Consequences Confidentiality, Integrity, Availability, Access Control: Gain Privileges or Assume Identity, Bypass Protection…
-
CWE-1248 – Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
Description The security-sensitive hardware module contains semiconductor defects. Modes of Introduction: – Manufacturing Related Weaknesses CWE-693 Consequences Availability, Access Control: DoS: Instability Potential Mitigations Phase: Testing Description: Phase: Operation Description: CVE References
-
CWE-125 – Out-of-bounds Read
Description The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the…
-
CWE-1188 – Insecure Default Initialization of Resource
Description The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. Modes of Introduction: Related Weaknesses CWE-665 CWE-665 Consequences Potential Mitigations CVE References
-
CWE-1189 – Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
Description The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-653 CWE-668 CWE-1331 Consequences Access Control: Bypass Protection Mechanism If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be…
-
CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer
Description The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses CWE-118 CWE-20 Consequences Integrity, Confidentiality, Availability: Execute Unauthorized Code…
-
CWE-1190 – DMA Device Enabled Too Early in Boot Phase
Description The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-696 Consequences Access Control: Bypass Protection Mechanism, Modify Memory DMA devices…
-
CWE-1191 – On-Chip Debug and Test Interface With Improper Access Control
Description The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Confidentiality: Read Application Data Confidentiality: Read Memory Authorization: Execute Unauthorized…
-
CWE-1192 – System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers
Description The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-657 Consequences Access Control: Bypass Protection Mechanism Potential Mitigations Phase: Architecture and Design Description: CVE References
-
CWE-1193 – Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
Description The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled. Modes of Introduction: Related Weaknesses CWE-696 Consequences Access Control: Bypass Protection Mechanism An untrusted component can master transactions on the HW bus and target memory or other assets to compromise the SoC boot firmware.…
-
CWE-12 – ASP.NET Misconfiguration: Missing Custom Error Page
Description An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework’s built-in responses. The mode attribute of the tag defines whether custom or default error pages are used. Modes of Introduction: – Implementation Related Weaknesses CWE-756 Consequences Confidentiality: Read Application Data Default…
-
CWE-120 – Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
Description The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or…
-
CWE-1204 – Generation of Weak Initialization Vector (IV)
Description The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive. By design, some cryptographic primitives (such as block ciphers) require that IVs must have certain properties for the uniqueness and/or…
-
CWE-1209 – Failure to Disable Reserved Bits
Description The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any functional logic in the design. However, designers might covertly use these bits to debug or further develop new capabilities in production hardware. Adversaries with access to these bits…
-
CWE-121 – Stack-based Buffer Overflow
Description A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). There are generally several security-critical data on an execution stack that can lead to arbitrary code execution. The most prominent is the stored return…
-
CWE-122 – Heap-based Buffer Overflow
Description A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses CWE-788 CWE-787 …
-
CWE-1220 – Insufficient Granularity of Access Control
Description The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive…
-
CWE-1221 – Incorrect Register Defaults or Module Parameters
Description Hardware description language code incorrectly defines register defaults or hardware IP parameters to insecure values. Modes of Introduction: – Implementation Related Weaknesses CWE-665 Consequences Confidentiality, Integrity, Availability, Access Control: Varies by Context Degradation of system functionality, or loss of access control enforcement can occur. Potential Mitigations Phase: Architecture and Design…
-
CWE-1222 – Insufficient Granularity of Address Regions Protected by Register Locks
Description The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process.…
-
CWE-1223 – Race Condition for Write-Once Attributes
Description A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-362 Consequences Access Control: Bypass Protection Mechanism System configuration cannot be programmed in a secure way. …
-
CWE-1224 – Improper Restriction of Write-Once Bit Fields
Description The hardware design control register “sticky bits” or write-once bit fields are improperly implemented, such that they can be reprogrammed by software. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-284 Consequences Confidentiality, Integrity, Availability, Access Control: Varies by Context System configuration cannot be programmed in a secure way. …
-
CWE-1229 – Creation of Emergent Resource
Description The product manages resources or behaves in a way that indirectly creates a new, distinct resource that can be used by attackers in violation of the intended policy. Modes of Introduction: Related Weaknesses CWE-664 Consequences Potential Mitigations CVE References
-
CWE-123 – Write-what-where Condition
Description Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. Modes of Introduction: – Implementation Likelihood of Exploit: High Related Weaknesses CWE-787 CWE-119 CWE-119 Consequences Integrity, Confidentiality, Availability, Access Control: Modify Memory, Execute Unauthorized Code or…
-
CWE-1120 – Excessive Code Complexity
Description The code is too complex, as calculated using a well-defined, quantitative measure. Modes of Introduction: Related Weaknesses CWE-710 Consequences Other: Reduce Maintainability Other: Reduce Performance Potential Mitigations CVE References
-
CWE-1121 – Excessive McCabe Cyclomatic Complexity
Description The code contains McCabe cyclomatic complexity that exceeds a desirable maximum. Modes of Introduction: Related Weaknesses CWE-1120 Consequences Potential Mitigations CVE References
-
CWE-1122 – Excessive Halstead Complexity
Description The code is structured in a way that a Halstead complexity measure exceeds a desirable maximum. Modes of Introduction: Related Weaknesses CWE-1120 Consequences Other: Reduce Maintainability Potential Mitigations CVE References
-
CWE-1124 – Excessively Deep Nesting
Description The code contains a callable or other code grouping in which the nesting / branching is too deep. Modes of Introduction: Related Weaknesses CWE-1120 Consequences Other: Reduce Maintainability Potential Mitigations CVE References
-
CWE-1125 – Excessive Attack Surface
Description The product has an attack surface whose quantitative measurement exceeds a desirable maximum. Modes of Introduction: Related Weaknesses CWE-1120 Consequences Potential Mitigations CVE References
-
CWE-1126 – Declaration of Variable with Unnecessarily Wide Scope
Description The source code declares a variable in one scope, but the variable is only used within a narrower scope. Modes of Introduction: Related Weaknesses CWE-710 Consequences Other: Reduce Maintainability Potential Mitigations CVE References
-
CWE-1127 – Compilation with Insufficient Warnings or Errors
Description The code is compiled without sufficient warnings enabled, which may prevent the detection of subtle bugs or quality issues. Modes of Introduction: – Build and Compilation Related Weaknesses CWE-710 Consequences Other: Reduce Maintainability Potential Mitigations CVE References
-
CWE-113 – Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’)
Description The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers. Modes of Introduction: – Implementation Related Weaknesses CWE-93 CWE-79 CWE-20 Consequences Integrity, Access Control: Modify Application Data, Gain Privileges or Assume Identity CR…
-
CWE-114 – Process Control
Description Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker. Process control vulnerabilities take two forms: 1. An attacker can change the command that the program executes: the attacker explicitly controls what the command is.…
-
CWE-115 – Misinterpretation of Input
Description The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-436 Consequences Integrity: Unexpected State Potential Mitigations CVE References CVE-2005-2225 Product sees dangerous file extension in free text of a group discussion, disconnects all users.…
-
CWE-116 – Improper Encoding or Escaping of Output
Description The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses CWE-707 CWE-74 …
-
CWE-1164 – Irrelevant Code
Description The program contains code that is not essential for execution, i.e. makes no state changes and has no side effects that alter data or control flow, such that removal of the code would have no impact to functionality or correctness. Modes of Introduction: Related Weaknesses CWE-710 Consequences Other: Reduce Reliability Other:…
-
CWE-117 – Improper Output Neutralization for Logs
Description The software does not neutralize or incorrectly neutralizes output that is written to logs. Applications typically use log files to store a history of events or transactions for later review, statistics gathering, or debugging. Depending on the nature of the application, the task of reviewing log files may be performed manually on an as-needed…
-
CWE-1173 – Improper Use of Validation Framework
Description The application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library. Many modern coding languages provide developers with input validation frameworks to make the task of input validation easier and less error-prone. These frameworks will automatically check all input against specified criteria…
-
CWE-1174 – ASP.NET Misconfiguration: Improper Model Validation
Description The ASP.NET application does not use, or incorrectly uses, the model validation framework. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-1173 Consequences Integrity: Unexpected State Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others. Potential Mitigations CVE References
-
CWE-1176 – Inefficient CPU Computation
Description The program performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-405 Consequences Availability: DoS: Resource Consumption (CPU) Other: Reduce Performance Potential Mitigations…
-
CWE-1177 – Use of Prohibited Code
Description The software uses a function, library, or third party component that has been explicitly prohibited, whether by the developer or the customer. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-710 Consequences Other: Reduce Maintainability Potential Mitigations CVE References
USN-5450-1: Subversion vulnerabilities
Evgeny Kotkov discovered that subversion servers did not properly follow
path-based authorization rules in certain cases. An attacker could
potentially use this issue to retrieve information about private paths.
(CVE-2021-28544)
Thomas Weißschuh discovered that subversion servers did not properly handle
memory in certain configurations. A remote attacker could potentially use
this issue to cause a denial of service or other unspecified impact.
(CVE-2022-24070)