CWE-1334 – Unauthorized Error Injection Can Degrade Hardware Redundancy

Description

An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Integrity, Availability: DoS: Crash, Exit, or Restart, DoS: Instability, Quality Degradation, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other), Reduce Performance, Reduce Reliability, Unexpected State

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors.

Phase: Implementation

Description: 

Disallow error injection in modes which are expected to be used for normal run-time operation. Provide access controls on interfaces for injecting errors.

Phase: Integration

Description: 

Add an access control layer atop any unprotected interfaces for injecting errors.
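As an added illustration of the three mitigations above (this is example code, not part of the CWE entry), the following C model puts an access-control layer in front of the error-injection register of a triple-modular-redundancy (TMR) block. The lifecycle state, the `debug_authenticated` flag and the register layout are assumptions of the example. Two things are visible at once: injection is refused outside the test lifecycle, and once two lanes can be corrupted the voter has no majority left, which is the loss of redundancy the description warns about.

```c
#include <stdint.h>
#include <stdio.h>

/* Lifecycle state, latched from fuses at reset; assumed not writable at run time. */
typedef enum { LC_TEST = 0, LC_PRODUCTION = 1 } lifecycle_t;

typedef struct {
    lifecycle_t lifecycle;
    uint32_t lane[3];      /* three redundant copies of one value (TMR) */
    uint32_t inject[3];    /* error-injection register: XORed into each lane on read */
    int degraded;          /* sticky: a lane disagreed and the voter had to correct it */
    int uncorrectable;     /* sticky: no two lanes agree, redundancy is exhausted */
} tmr_block_t;

#define TMR_EPERM  (-1)    /* injection refused by the access-control layer */
#define TMR_EINVAL (-2)

static void tmr_init(tmr_block_t *b, lifecycle_t lc, uint32_t value)
{
    b->lifecycle = lc;
    for (int i = 0; i < 3; i++) { b->lane[i] = value; b->inject[i] = 0; }
    b->degraded = 0;
    b->uncorrectable = 0;
}

/* Access-control layer in front of the injection interface. Injection is
 * honoured only in the TEST lifecycle and only for a caller that has passed
 * debug authentication; `debug_authenticated` is assumed to come from the
 * debug-unlock logic. Anything else is refused loudly rather than ignored. */
static int tmr_inject(tmr_block_t *b, int lane, uint32_t mask, int debug_authenticated)
{
    if (lane < 0 || lane > 2)
        return TMR_EINVAL;
    if (b->lifecycle != LC_TEST || !debug_authenticated)
        return TMR_EPERM;
    b->inject[lane] = mask;
    return 0;
}

/* Majority voter over the three lanes, with any injected errors applied. */
static uint32_t tmr_read(tmr_block_t *b)
{
    uint32_t v[3];
    for (int i = 0; i < 3; i++)
        v[i] = b->lane[i] ^ b->inject[i];

    if (v[0] == v[1] && v[1] == v[2])
        return v[0];                      /* healthy */

    b->degraded = 1;
    if (v[0] == v[1] || v[0] == v[2])
        return v[0];                      /* one bad lane, outvoted */
    if (v[1] == v[2])
        return v[1];

    b->uncorrectable = 1;                 /* two lanes corrupted differently: no majority */
    return v[0];                          /* arbitrary; callers must honour the flag */
}

int main(void)
{
    tmr_block_t b;
    int rc;
    uint32_t v;

    tmr_init(&b, LC_PRODUCTION, 0xCAFEF00Du);
    rc = tmr_inject(&b, 0, 0xFFu, 1);     /* refused: not in the test lifecycle */
    v = tmr_read(&b);
    printf("production: inject rc=%d, read=0x%08X, degraded=%d\n", rc, v, b.degraded);

    tmr_init(&b, LC_TEST, 0xCAFEF00Du);
    tmr_inject(&b, 0, 0xFFu, 1);          /* legitimate test-mode fault injection */
    v = tmr_read(&b);
    printf("test, one lane bad:  read=0x%08X, degraded=%d\n", v, b.degraded);
    tmr_inject(&b, 1, 0xFF00u, 1);        /* second lane: redundancy is gone */
    v = tmr_read(&b);
    printf("test, two lanes bad: read=0x%08X, uncorrectable=%d\n", v, b.uncorrectable);
    return 0;
}
```

The integration-phase mitigation ("add an access control layer atop any unprotected interfaces") is exactly the `tmr_inject` wrapper: the register write itself is one line, everything before it is the check that the text asks for. Refusing with an error rather than silently ignoring the write also gives the security monitor something to log.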

CVE References

CWE-1333 – Inefficient Regular Expression Complexity

Description

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Some regular expression engines have a feature called “backtracking”: if a token cannot match, the engine “backtracks” to an earlier position and tries a different way of matching. Backtracking becomes a weakness when the number of possible backtracking attempts grows exponentially with the length of the input, the input can fail to match, and the input can be made long enough for the cost to matter.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-407
CWE-185

 

Consequences

Availability: DoS: Resource Consumption (CPU)

 

Potential Mitigations

Phase: Architecture and Design

Effectiveness: High

Description: 

Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.

This is one of the few effective solutions when using user-provided regular expressions.

Phase: System Configuration

Effectiveness: Moderate

Description: 

Set backtracking limits in the configuration of the regular expression implementation, such as PHP’s pcre.backtrack_limit. Also consider limits on execution time for the process.

Phase: Implementation

Effectiveness: High

Description: 

Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.

Phase: Implementation

Effectiveness: Moderate

Description: 

Limit the length of the input that the regular expression will process.
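To make the backtracking cost and the two limit-based mitigations concrete, here is an added example (not from the CWE text): a deliberately minimal backtracking matcher in the style of Rob Pike's, supporting literals, `.` and single-character `*`, with a step budget modelled on `pcre.backtrack_limit` and an input-length cap in front of it. Because this engine has no nested groups, the pattern `a*a*a*a*b` shows polynomial rather than exponential blow-up, but the mechanism, greedy consumption followed by a retry on every failure, is the same one that makes `(a+)+b` exponential in real engines. The sample input, the patterns and the budget values are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Match outcome. RE_LIMIT means the step budget (cf. pcre.backtrack_limit) was hit. */
enum { RE_NOMATCH = 0, RE_MATCH = 1, RE_LIMIT = -1 };

typedef struct {
    unsigned long steps;   /* matcher steps taken so far */
    unsigned long limit;   /* budget; 0 means unlimited */
} re_budget_t;

static int match_here(const char *re, const char *text, re_budget_t *b);

/* Greedy 'c*' followed by the rest of the pattern. Consumes as many c as it
 * can, then gives one character back per retry; every retry re-enters
 * match_here, which is where the cost explodes for a*a*a*a*b on a long run of a's. */
static int match_star(int c, const char *re, const char *text, re_budget_t *b)
{
    const char *t = text;
    while (*t != '\0' && (*t == c || c == '.'))
        t++;
    for (;;) {
        int rc = match_here(re, t, b);
        if (rc != RE_NOMATCH)
            return rc;             /* RE_MATCH or RE_LIMIT propagates up */
        if (t == text)
            return RE_NOMATCH;
        t--;                       /* backtrack one character and retry */
    }
}

static int match_here(const char *re, const char *text, re_budget_t *b)
{
    b->steps++;
    if (b->limit != 0 && b->steps > b->limit)
        return RE_LIMIT;           /* budget exhausted: abort instead of spinning */
    if (re[0] == '\0')
        return RE_MATCH;
    if (re[1] == '*')
        return match_star(re[0], re + 2, text, b);
    if (*text != '\0' && (re[0] == '.' || re[0] == *text))
        return match_here(re + 1, text + 1, b);
    return RE_NOMATCH;
}

/* Anchored match of `re` against `text` under a step budget; reports steps used. */
static int re_match(const char *re, const char *text, unsigned long limit, unsigned long *steps)
{
    re_budget_t b = { 0, limit };
    int rc = match_here(re, text, &b);
    if (steps)
        *steps = b.steps;
    return rc;
}

/* Second mitigation from the text: cap the input length before matching at all. */
static int re_match_bounded(const char *re, const char *text, size_t max_len, unsigned long limit)
{
    if (strlen(text) > max_len)
        return RE_LIMIT;           /* over-long input is refused, not reported as "no match" */
    return re_match(re, text, limit, NULL);
}

int main(void)
{
    char input[64];
    unsigned long steps;
    memset(input, 'a', 40);
    input[40] = '\0';              /* constructed: 40 a's and no b, so nothing matches */

    re_match("a*b", input, 0, &steps);
    printf("a*b        steps=%lu\n", steps);
    re_match("a*a*a*a*b", input, 0, &steps);
    printf("a*a*a*a*b  steps=%lu\n", steps);
    printf("with limit 10000: rc=%d (%d = RE_LIMIT)\n",
           re_match("a*a*a*a*b", input, 10000, NULL), RE_LIMIT);
    printf("bounded to 16 chars: rc=%d\n", re_match_bounded("a*a*a*a*b", input, 16, 0));
    return 0;
}
```

With one star the matcher takes 42 steps on the 40-character input (one entry plus one retry per character); with four stars it takes tens of thousands, and the budget version stops at the limit. The pattern `a*b` is the "rewrite without redundant quantifiers" mitigation: it accepts the same strings as `a*a*a*a*b`.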

CVE References

  • CVE-2020-5243
    • server allows ReDOS with crafted User-Agent strings, due to overlapping capture groups that cause excessive backtracking.
  • CVE-2019-16215
    • Markdown parser uses inefficient regex when processing a message, allowing users to cause CPU consumption and delay preventing processing of other messages.
  • CVE-2019-6785
    • Long string in a version control product allows DoS due to an inefficient regex.
  • CVE-2019-12041
    • Javascript code allows ReDoS via a long string due to excessive backtracking.

CWE-1332 – Improper Handling of Faults that Lead to Instruction Skips

Description

The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-1384
CWE-1247

 

Consequences

Confidentiality, Integrity, Authentication: Bypass Protection Mechanism, Alter Execution Logic, Unexpected State

Depending on the context, instruction skipping can have a broad range of consequences related to the generic bypassing of security-critical code.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Design strategies for ensuring safe failure if inputs such as Vcc are modified out of acceptable ranges.

Phase: Architecture and Design

Description: 

Design strategies for ensuring safe behavior if instructions attempt to be skipped.

Phase: Architecture and Design

Description: 

Identify mission-critical secrets that should be wiped if faulting is detected, and design a mechanism to do the deletion.

Phase: Implementation

Description: 

Add redundancy by performing an operation multiple times, either in space or time, and perform majority voting. Additionally, make conditional instruction timing unpredictable.

Phase: Implementation

Description: 

Use redundant operations or canaries to detect faults.

Phase: Implementation

Description: 

Ensure that fault mitigations are strong enough in practice. For example, a low-power detection mechanism that takes 50 clock cycles to trigger at lower voltages may be an insufficient security mechanism if the instruction counter has already progressed with no other CPU activity occurring.
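The following C example is added here to show the implementation-phase mitigations side by side; it is not code from the CWE entry or from any product. `boot_naive` is the single boolean check that one skipped branch defeats; `boot_hardened` runs the check twice, uses non-trivial result encodings, tests each result separately and against the other, counts every step in a control-flow counter, and wipes the secret on any inconsistency. The glitch is modelled by `g_skip_step`, a hypothetical switch that treats one step as if its instruction never executed, and `image_check` is a constructed stand-in for a real signature verification. The model covers one skipped step per boot; real designs add random delays and repeat the final checks so that a second, precisely timed glitch is also required.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Non-trivial, Hamming-distant encodings of "verified" and "rejected". A glitch
 * that zeroes or leaves a register is unlikely to produce either by accident. */
#define VERIFY_OK   0xA5C33C5Au
#define VERIFY_FAIL 0x5A3CC3A5u
#define FLOW_STEPS  5u

typedef struct {
    volatile uint32_t flow;   /* control-flow counter, incremented once per step */
    uint8_t secret[16];       /* e.g. a key that must not survive a detected fault */
} boot_ctx_t;

/* Glitch model for this example (an assumption, not real hardware): the step
 * whose index equals g_skip_step is treated as skipped. -1 means no fault. */
static int g_skip_step = -1;
#define SKIPPED(step) (g_skip_step == (int)(step))

/* Constructed stand-in for the signature check: an image is "valid" when its
 * first four bytes sum to 0x100. Not a real verification. */
static uint32_t image_check(const uint8_t *img, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len && i < 4; i++)
        sum += img[i];
    return (len >= 4 && sum == 0x100u) ? VERIFY_OK : VERIFY_FAIL;
}

static void wipe_secret(boot_ctx_t *ctx)
{
    volatile uint8_t *p = ctx->secret;   /* volatile: the stores must not be optimised away */
    for (size_t i = 0; i < sizeof ctx->secret; i++)
        p[i] = 0;
}

/* Typical vulnerable pattern: one boolean test decides everything.
 * Skipping the conditional branch (step 0) accepts any image. */
static int boot_naive(const uint8_t *img, size_t len)
{
    int ok = image_check(img, len) == VERIFY_OK;
    if (!SKIPPED(0) && !ok)
        return 0;
    return 1;   /* jump to image */
}

/* Hardened pattern: redundant check, separate tests, cross-comparison,
 * flow counter, and secret wipe on any inconsistency. */
static int boot_hardened(boot_ctx_t *ctx, const uint8_t *img, size_t len)
{
    volatile uint32_t r1 = VERIFY_FAIL, r2 = VERIFY_FAIL;   /* default to "rejected" */
    ctx->flow = 0;

    if (!SKIPPED(1)) { r1 = image_check(img, len); ctx->flow++; }
    if (!SKIPPED(2)) { r2 = image_check(img, len); ctx->flow++; }
    if (!SKIPPED(3)) { if (r1 != VERIFY_OK) goto fail; ctx->flow++; }
    if (!SKIPPED(4)) { if (r2 != VERIFY_OK) goto fail; ctx->flow++; }
    if (!SKIPPED(5)) { if (r1 != r2)        goto fail; ctx->flow++; }
    if (ctx->flow != FLOW_STEPS) goto fail;                    /* a skipped step leaves the count short */
    if (ctx->flow + r1 != FLOW_STEPS + VERIFY_OK) goto fail;   /* same fact, differently shaped check */
    return 1;

fail:
    wipe_secret(ctx);
    return 0;
}

int main(void)
{
    static const uint8_t good[8] = { 0x40, 0x40, 0x40, 0x40, 1, 2, 3, 4 };  /* constructed: sums to 0x100 */
    static const uint8_t bad[8]  = { 1, 2, 3, 4, 5, 6, 7, 8 };
    boot_ctx_t ctx;

    g_skip_step = 0;
    printf("naive, branch skipped, bad image: boots=%d\n", boot_naive(bad, 8));
    for (int s = 1; s <= 5; s++) {
        g_skip_step = s;
        memset(ctx.secret, 0x42, sizeof ctx.secret);
        int boots = boot_hardened(&ctx, bad, 8);
        printf("hardened, step %d skipped, bad image: boots=%d secret[0]=0x%02x\n", s, boots, ctx.secret[0]);
    }
    g_skip_step = -1;
    printf("hardened, no fault, good image: boots=%d\n", boot_hardened(&ctx, good, 8));
    return 0;
}
```

Note the fail-safe direction: a skipped step on a *good* image also refuses to boot, because the defaults are "rejected" and the flow counter comes up short. That is the "safe behavior if instructions attempt to be skipped" the design mitigation asks for, and it is why the defaults matter as much as the checks.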

CVE References

  • CVE-2019-15894
    • fault injection attack bypasses the verification mode, potentially allowing arbitrary code execution.

CWE-1331 – Improper Isolation of Shared Resources in Network On Chip (NoC)

Description

The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-653
CWE-668
CWE-1189

 

Consequences

Confidentiality, Availability: DoS: Resource Consumption (Other), Varies by Context, Other

Attackers may infer data that belongs to a trusted agent; the methods used to perform this attack may result in noticeably increased resource consumption.

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

Implement priority-based arbitration inside the NoC and have dedicated buffers or virtual channels for routing secret data from trusted agents.
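Added example, not part of the CWE entry: a two-agent simulation in C of one NoC output port. Under the shared policy the trusted agent's secret-dependent traffic delays the untrusted agent's probe flits, so the untrusted agent reads the secret back one bit per round from its own latency, even though the trusted agent has priority. With a dedicated virtual channel and a reserved time slot per agent the probe latency is constant and nothing is recovered. The policies, the cycle counts and the one-flit-per-round traffic pattern are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum {
    SHARED_LINK,   /* one buffer and one link for both agents; trusted traffic has priority */
    ISOLATED_VC    /* one virtual channel per agent, each with a reserved time slot */
} noc_policy_t;

/* One round of the model. Both agents inject at cycle 0, the trusted agent only
 * when `trusted_sends` is set (its traffic depends on a secret). Returns the
 * cycle in which the untrusted probe flit left the port: the latency that the
 * untrusted agent can measure. */
static int run_round(noc_policy_t policy, int trusted_sends)
{
    int trusted_pending = trusted_sends;
    for (int cycle = 0; cycle < 4; cycle++) {
        if (policy == SHARED_LINK) {
            if (trusted_pending) { trusted_pending = 0; continue; }  /* trusted flit wins the link */
            return cycle;                                            /* probe forwarded */
        }
        /* ISOLATED_VC: slot 0 belongs to the trusted VC and slot 1 to the untrusted
         * VC, whether or not the owner has anything to send. */
        if (cycle % 2 == 0) { trusted_pending = 0; continue; }
        return cycle;
    }
    return -1;   /* unreachable: a probe is forwarded within two cycles */
}

/* The untrusted agent's attack: time one probe per secret bit and compare
 * against a baseline calibrated while the trusted agent is idle. */
static uint8_t recover_secret(noc_policy_t policy, uint8_t secret)
{
    int baseline = run_round(policy, 0);
    uint8_t guess = 0;
    for (int bit = 0; bit < 8; bit++) {
        int trusted_sends = (secret >> bit) & 1;   /* secret-dependent traffic */
        if (run_round(policy, trusted_sends) > baseline)
            guess |= (uint8_t)(1u << bit);
    }
    return guess;
}

int main(void)
{
    const uint8_t secret = 0xB7;   /* constructed secret held by the trusted agent */
    printf("shared link:  recovered 0x%02X (secret 0x%02X)\n", recover_secret(SHARED_LINK, secret), secret);
    printf("isolated VCs: recovered 0x%02X (secret 0x%02X)\n", recover_secret(ISOLATED_VC, secret), secret);
    return 0;
}
```

The price of isolation is visible in `run_round`: the trusted slot is consumed even when idle, so the port's usable bandwidth for the untrusted agent is halved. Priority alone does not close the channel; what removes the dependency is that the untrusted agent's flit never waits on a resource the trusted agent can occupy.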

CVE References

CWE-1330 – Remanent Data Readable after Memory Erase

Description

Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-1301

 

Consequences

Confidentiality: Modify Memory, Read Memory

Confidential data remain readable by an untrusted agent.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

CVE References

  • CVE-2019-8575
    • Firmware data deletion vulnerability in which a base station factory reset might not delete all user information. A new owner of a used device that was “factory-default reset” while running a vulnerable firmware version can still retrieve at least the previous owner’s wireless network name and wireless security (such as WPA2) key. This issue was addressed with improved data deletion.
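As an added example of why a reset that only clears the directory leaves remanent data (the pattern behind CVE-2019-8575 above), here is a C model of a small settings partition. It is not code from the affected product or from the CWE entry: `store_delete_index_only` forgets where the data was, `store_delete_secure` overwrites the cells and verifies the read-back, and `store_remnant_present` is the forensic scan that ignores the directory. The cell layout, the 0xFF erased state, the two-pass pattern and the sample settings are assumptions of the model.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STORE_BYTES 128
#define STORE_SLOTS 4
#define ERASED      0xFFu      /* blank-cell value, as in NOR/NAND flash */

typedef struct { int used; size_t off; size_t len; } dirent_t;

/* A small settings partition: raw cells plus a directory describing them. */
typedef struct {
    uint8_t  cells[STORE_BYTES];
    dirent_t dir[STORE_SLOTS];
    size_t   next_free;
} store_t;

static void store_init(store_t *s)
{
    memset(s->cells, ERASED, sizeof s->cells);
    memset(s->dir, 0, sizeof s->dir);
    s->next_free = 0;
}

static int store_put(store_t *s, int slot, const void *data, size_t len)
{
    if (slot < 0 || slot >= STORE_SLOTS || len > STORE_BYTES - s->next_free)
        return -1;
    memcpy(s->cells + s->next_free, data, len);
    s->dir[slot].used = 1;
    s->dir[slot].off  = s->next_free;
    s->dir[slot].len  = len;
    s->next_free += len;
    return 0;
}

/* The "factory reset" that only forgets where the data was: the cells keep
 * their contents, which is the weakness. */
static void store_delete_index_only(store_t *s, int slot)
{
    if (slot >= 0 && slot < STORE_SLOTS)
        s->dir[slot].used = 0;
}

/* Overwrite the cells, return them to the erased state, and confirm by reading
 * back. The volatile pointer keeps the compiler from dropping the writes or
 * the verification reads as dead stores. Returns 0 on success. */
static int store_delete_secure(store_t *s, int slot)
{
    if (slot < 0 || slot >= STORE_SLOTS || !s->dir[slot].used)
        return -1;
    dirent_t *e = &s->dir[slot];
    volatile uint8_t *p = s->cells + e->off;
    for (size_t i = 0; i < e->len; i++) p[i] = 0x00;    /* program every bit */
    for (size_t i = 0; i < e->len; i++) p[i] = ERASED;  /* erase back to blank */
    for (size_t i = 0; i < e->len; i++)
        if (p[i] != ERASED) return -2;                  /* read-back verification failed */
    e->used = 0;
    return 0;
}

/* What a forensic read of the chip does: ignore the directory, scan the cells. */
static int store_remnant_present(const store_t *s, const void *pattern, size_t len)
{
    for (size_t i = 0; len <= STORE_BYTES && i + len <= STORE_BYTES; i++)
        if (memcmp(s->cells + i, pattern, len) == 0)
            return 1;
    return 0;
}

int main(void)
{
    store_t st;
    const char ssid[] = "ssid:home-net";            /* constructed sample settings */
    const char psk[]  = "psk:correct-horse-battery";
    int rc;

    store_init(&st);
    store_put(&st, 0, ssid, sizeof ssid);
    store_put(&st, 1, psk, sizeof psk);

    store_delete_index_only(&st, 0);
    printf("after index-only delete: ssid remnant=%d\n", store_remnant_present(&st, ssid, sizeof ssid));
    rc = store_delete_secure(&st, 1);
    printf("secure delete rc=%d, psk remnant=%d\n", rc, store_remnant_present(&st, psk, sizeof psk));
    return 0;
}
```

The read-back loop is the part most often left out: on real flash an erase can fail or be interrupted, and a reset routine that does not verify the blank state has no way of knowing it left data behind.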

CWE-1329 – Reliance on Component That is Not Updateable

Description

The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.

Modes of Introduction:

– Requirements

 

 

Related Weaknesses

CWE-1357
CWE-664

 

Consequences

Confidentiality, Integrity, Access Control, Authentication, Authorization, Other: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart, Quality Degradation, Reduce Maintainability

If an attacker can identify an exploitable vulnerability in one product that has no means of patching, the attack may be used against all affected versions of that product.

 

Potential Mitigations

Phase: Requirements

Description: 

Specify requirements that each component should be updateable, including ROM, firmware, etc.

Phase: Architecture and Design

Description: 

Design the product to allow for updating of its components. Include the external infrastructure that might be necessary to support updates, such as distribution servers.

Phase: Architecture and Design, Implementation

Effectiveness: Moderate

Description: 

With hardware, support patches that can be programmed in-field or during manufacturing through hardware fuses. This feature can be used for limited patching of devices after shipping, or for the next batch of silicon devices manufactured, without changing the full device ROM.

Some parts of the hardware initialization or signature verification done to authenticate patches will always be “not patchable.” Hardware-fuse-based patches will also have limitations in terms of size and the number of patches that can be supported.

Phase: Implementation

Description: 

Implement the necessary functionality to allow each component to be updated.
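The fuse-based patching mitigation above is easiest to see as a dispatch table. This added C example (not from the CWE entry) models ROM routines that are only ever reached through `rom_call`, a small number of write-once patch slots, and an `authentic` flag standing in for the signature check a real ROM performs before burning a slot. The routine names, the deliberate bug in `rom_parse_len` and the slot count are assumptions of the example. It shows both the benefit (a field fix without a new mask set) and the limits the text describes: a fixed number of slots, and a dispatcher and patch authenticator that are themselves not patchable.

```c
#include <stddef.h>
#include <stdio.h>

#define ROM_FUNCS    3
#define PATCH_SLOTS  2           /* fuse-backed slots are scarce; a real part has a handful */
#define PATCH_UNUSED (-1)

typedef int (*rom_fn_t)(int);

/* ROM bodies: mask-programmed, so unpatchable in place. */
static int rom_version(int unused) { (void)unused; return 1; }
static int rom_parse_len(int hdr)  { return hdr & 0x7F; }      /* bug: drops the top bit */
static int rom_crc(int x)          { return (x * 31) & 0xFFFF; }

static const rom_fn_t rom_table[ROM_FUNCS] = { rom_version, rom_parse_len, rom_crc };

/* Write-once patch slots: each records which ROM entry it overrides and where
 * the replacement lives (patch RAM loaded at boot). Modelled as fuses: a slot
 * can be burnt once and never rewritten. */
typedef struct { int rom_index; rom_fn_t replacement; } patch_slot_t;
static patch_slot_t patch_slots[PATCH_SLOTS] = { { PATCH_UNUSED, NULL }, { PATCH_UNUSED, NULL } };

/* Every ROM-internal call goes through this indirection. The dispatcher, like
 * the patch authentication, is part of the unpatchable ROM. */
static int rom_call(int idx, int arg)
{
    if (idx < 0 || idx >= ROM_FUNCS)
        return -1;
    for (int i = 0; i < PATCH_SLOTS; i++)
        if (patch_slots[i].rom_index == idx)
            return patch_slots[i].replacement(arg);
    return rom_table[idx](arg);
}

/* Apply a patch. `authentic` stands in for the signature check a real ROM runs
 * before burning a slot (assumption of this example). Returns the slot used,
 * -1 if unauthenticated or out of range, -2 if no slot is left, -3 if that
 * entry is already patched (a burnt slot cannot be rewritten). */
static int rom_apply_patch(int idx, rom_fn_t replacement, int authentic)
{
    if (!authentic || idx < 0 || idx >= ROM_FUNCS || replacement == NULL)
        return -1;
    for (int i = 0; i < PATCH_SLOTS; i++)
        if (patch_slots[i].rom_index == idx)
            return -3;
    for (int i = 0; i < PATCH_SLOTS; i++)
        if (patch_slots[i].rom_index == PATCH_UNUSED) {
            patch_slots[i].rom_index = idx;
            patch_slots[i].replacement = replacement;
            return i;
        }
    return -2;
}

/* Field fixes, loaded into patch RAM at boot. */
static int patched_parse_len(int hdr) { return hdr & 0xFF; }
static int patched_crc(int x)         { return (x * 33) & 0xFFFF; }

int main(void)
{
    printf("before patch: parse_len(0xFF) = 0x%X\n", rom_call(1, 0xFF));
    printf("apply patch:  slot %d\n", rom_apply_patch(1, patched_parse_len, 1));
    printf("after patch:  parse_len(0xFF) = 0x%X\n", rom_call(1, 0xFF));
    printf("second patch: slot %d\n", rom_apply_patch(2, patched_crc, 1));
    printf("third patch:  rc %d (slots exhausted)\n", rom_apply_patch(0, rom_version, 1));
    return 0;
}
```

Two consequences follow directly from the model. A bug in `rom_call` or in the code that decides `authentic` cannot be fixed this way, which is the "always not patchable" part of the text, and once both slots are burnt the next bug needs new silicon, which is the size and count limitation.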

CVE References

  • CVE-2020-9054
    • Chain: network-attached storage (NAS) device has a critical OS command injection (CWE-78) vulnerability that is actively exploited to place IoT devices into a botnet, but some products are “end-of-support” and cannot be patched (CWE-1277). [REF-1097]

CWE-1328 – Security Version Number Mutable to Older Versions

Description

The security version number in hardware is mutable, which allows the boot firmware to be downgraded (rolled back) to a vulnerable code version.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-285
CWE-757

 

Consequences

Confidentiality, Integrity, Authentication, Authorization: Other

Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS (prevent upgrades).

 

Potential Mitigations

Phase: Architecture and Design

Description: 

When architecting the system, security version data should be designated for storage in registers that are either read-only or have access controls that prevent modification by an untrusted agent.

Phase: Implementation

Description: 

During implementation and test, security version data should be demonstrated to be read-only and access controls should be validated.

CVE References

CWE-1327 – Binding to an Unrestricted IP Address

Description

The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.

Modes of Introduction:

– System Configuration

 

 

Related Weaknesses

CWE-668

 

Consequences

Availability: DoS: Amplification

 

Potential Mitigations

Phase: System Configuration

Effectiveness: High

Description: 

Assign IP addresses that are not 0.0.0.0.

Phase: System Configuration

Effectiveness: High

Description: 

Unwanted connections to the configured server may be denied through a firewall or other packet filtering measures.

CVE References

CWE-1326 – Missing Immutable Root of Trust in Hardware

Description

A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-693

 

Consequences

Authentication, Authorization: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Modify Memory

 

Potential Mitigations

Phase: Architecture and Design

Description: 

When architecting the system, the root of trust (RoT) should be designated for storage in a memory that does not allow further programming/writes.

Phase: Implementation

Description: 

During implementation and test, the RoT memory location should be demonstrated to not allow further programming/writes.

CVE References
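CWE-1328 (mutable security version) above and CWE-1326 (missing immutable root of trust) share one underlying requirement: the values that anchor boot decisions must live in storage that can move in only one direction or not at all. This added C example (not code from either CWE entry) models one-time-programmable fuses: a thermometer-coded SVN that can only be advanced, a root-of-trust key hash that becomes immutable once a lock fuse is burnt, and the boot-ROM check that refuses an image carrying an older SVN or a key that does not hash to the locked value. The fuse layout and `toy_hash` (a non-cryptographic stand-in for the SHA-256 a real ROM would use) are assumptions; the image signature check itself is omitted.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SVN_FUSE_BITS 32     /* thermometer-coded counter: SVN = number of burnt fuses */
#define ROT_HASH_LEN  32

/* One-time-programmable fuses: bits only ever go from 0 to 1 (model assumption). */
typedef struct {
    uint32_t svn_fuses;                 /* anti-rollback counter */
    uint8_t  rot_hash[ROT_HASH_LEN];    /* hash of the root-of-trust public key */
    int      rot_locked;                /* lock fuse: once burnt, rot_hash is immutable */
} otp_t;

typedef struct {
    uint32_t svn;                       /* security version claimed by the image */
    uint8_t  pubkey[64];                /* key the image is signed with */
} image_hdr_t;

/* Stand-in for SHA-256 so the example needs no crypto library: FNV-1a spread
 * over 32 output bytes. Not a cryptographic hash; do not reuse. */
static void toy_hash(const uint8_t *in, size_t n, uint8_t out[ROT_HASH_LEN])
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < ROT_HASH_LEN; i++) {
        for (size_t j = 0; j < n; j++) { h ^= in[j]; h *= 16777619u; }
        h ^= (uint32_t)i; h *= 16777619u;
        out[i] = (uint8_t)(h >> 24);
    }
}

static uint32_t otp_svn(const otp_t *o)
{
    uint32_t n = 0, v = o->svn_fuses;
    while (v) { n += v & 1u; v >>= 1; }
    return n;
}

/* Raise the SVN. Fuses cannot be cleared, so a lower value is refused:
 * the version number can never be made older (CWE-1328). */
static int otp_svn_advance(otp_t *o, uint32_t new_svn)
{
    uint32_t cur = otp_svn(o);
    if (new_svn < cur) return -1;                 /* attempt to roll the counter back */
    if (new_svn > SVN_FUSE_BITS) return -2;       /* counter exhausted */
    if (new_svn == SVN_FUSE_BITS) o->svn_fuses = 0xFFFFFFFFu;
    else o->svn_fuses |= (1u << new_svn) - 1u;
    return 0;
}

/* Provisioning: write the RoT hash once, then burn the lock (CWE-1326). */
static int otp_provision_rot(otp_t *o, const uint8_t hash[ROT_HASH_LEN])
{
    if (o->rot_locked) return -1;                 /* immutable after lock */
    memcpy(o->rot_hash, hash, ROT_HASH_LEN);
    o->rot_locked = 1;
    return 0;
}

/* Boot-ROM decision. A real ROM would additionally verify the image signature
 * with h->pubkey once the key is known to be the anchored one; that is omitted. */
static int image_allowed(const otp_t *o, const image_hdr_t *h)
{
    uint8_t digest[ROT_HASH_LEN];
    if (!o->rot_locked) return 0;                 /* no trust anchor yet: refuse */
    toy_hash(h->pubkey, sizeof h->pubkey, digest);
    if (memcmp(digest, o->rot_hash, ROT_HASH_LEN) != 0) return 0;  /* not the anchored key */
    if (h->svn < otp_svn(o)) return 0;            /* older than the fused SVN: rollback */
    return 1;
}

int main(void)
{
    otp_t otp; memset(&otp, 0, sizeof otp);
    image_hdr_t img; memset(&img, 0, sizeof img);
    uint8_t digest[ROT_HASH_LEN];

    memset(img.pubkey, 0x5A, sizeof img.pubkey);  /* constructed vendor key */
    toy_hash(img.pubkey, sizeof img.pubkey, digest);
    otp_provision_rot(&otp, digest);
    otp_svn_advance(&otp, 3);

    img.svn = 3; printf("svn 3 image: allowed=%d\n", image_allowed(&otp, &img));
    img.svn = 2; printf("svn 2 image: allowed=%d (rollback)\n", image_allowed(&otp, &img));
    printf("lower fused svn to 2: rc=%d\n", otp_svn_advance(&otp, 2));
    printf("re-provision RoT:     rc=%d\n", otp_provision_rot(&otp, digest));
    return 0;
}
```

The implementation-phase mitigations for both entries amount to testing exactly what `otp_svn_advance` and `otp_provision_rot` refuse: a lower SVN and a second write to the RoT hash. A thermometer code is used for the SVN because burning extra fuses can only increase the count, so even a glitched or buggy write path cannot produce a smaller value.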

CWE-1325 – Improperly Controlled Sequential Memory Allocation

Description

The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-770
CWE-789
CWE-476

 

Consequences

Availability: DoS: Resource Consumption (Memory)

Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system.

 

Potential Mitigations

Phase: Implementation

Description: 

Ensure multiple allocations of the same kind of object are properly tracked – possibly across multiple sessions, requests, or messages. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.

Phase: Operation

Description: 

Run the program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
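To show the implementation-phase mitigation concretely, here is an added C example (not from the CWE entry): a budget-tracking allocator that keeps a running total per session, and a parser for a constructed record-based message format that allocates one object per record against that budget. An attacker-supplied record count never causes an up-front allocation, and when the running total would exceed the limit the parser releases everything it has allocated so far and refuses the message. The message format, the budget sizes and the size-header bookkeeping are assumptions of the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Running total of memory held on behalf of one session or request.
 * Invariant: used <= limit. */
typedef struct {
    size_t used;
    size_t limit;
} mem_budget_t;

/* Allocate `n` bytes against the budget. Each block carries its size in a
 * header so budget_free() can give the bytes back. Returns NULL when the
 * request would push the running total over the limit or would overflow. */
static void *budget_alloc(mem_budget_t *b, size_t n)
{
    if (n > SIZE_MAX - sizeof(size_t))
        return NULL;
    size_t total = n + sizeof(size_t);
    if (total > b->limit - b->used)
        return NULL;                      /* the CWE-1325 guard: total across objects */
    size_t *hdr = malloc(total);
    if (!hdr)
        return NULL;
    *hdr = total;
    b->used += total;
    return hdr + 1;
}

static void budget_free(mem_budget_t *b, void *p)
{
    if (!p)
        return;
    size_t *hdr = (size_t *)p - 1;
    b->used -= *hdr;
    free(hdr);
}

typedef struct { uint8_t *data; size_t len; } record_t;

/* Constructed message format: 4-byte big-endian record count, then per record a
 * 2-byte big-endian length followed by that many payload bytes. The count and
 * every length are attacker-controlled. Returns the number of records stored in
 * `out`, or -1 if the message is malformed or the budget was exceeded; on that
 * path every record allocated so far is released. */
static long parse_records(mem_budget_t *b, const uint8_t *msg, size_t msg_len,
                          record_t *out, size_t max_out)
{
    if (msg_len < 4)
        return -1;
    uint32_t count = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
                     ((uint32_t)msg[2] << 8)  |  (uint32_t)msg[3];
    size_t pos = 4, kept = 0;
    for (uint32_t i = 0; i < count; i++) {
        if (kept == max_out || pos + 2 > msg_len)
            goto fail;                            /* more records claimed than carried */
        size_t len = ((size_t)msg[pos] << 8) | msg[pos + 1];
        pos += 2;
        if (len > msg_len - pos)
            goto fail;                            /* truncated record */
        uint8_t *buf = budget_alloc(b, len);      /* one allocation per object ... */
        if (!buf)
            goto fail;                            /* ... but bounded by the running total */
        memcpy(buf, msg + pos, len);
        out[kept].data = buf;
        out[kept].len = len;
        kept++;
        pos += len;
    }
    return (long)kept;

fail:
    for (size_t j = 0; j < kept; j++)
        budget_free(b, out[j].data);
    return -1;
}

/* Builds a sample message with the given record lengths; payload byte i is 'A'+i. */
static size_t build_message(uint8_t *buf, const size_t *lens, size_t n)
{
    size_t pos = 4;
    buf[0] = (uint8_t)(n >> 24); buf[1] = (uint8_t)(n >> 16);
    buf[2] = (uint8_t)(n >> 8);  buf[3] = (uint8_t)n;
    for (size_t i = 0; i < n; i++) {
        buf[pos++] = (uint8_t)(lens[i] >> 8);
        buf[pos++] = (uint8_t)lens[i];
        memset(buf + pos, 'A' + (int)i, lens[i]);
        pos += lens[i];
    }
    return pos;
}

int main(void)
{
    uint8_t msg[256];
    size_t lens[3] = { 10, 20, 30 };              /* constructed: three small records */
    size_t n = build_message(msg, lens, 3);
    record_t recs[8];
    mem_budget_t generous = { 0, 200 }, tight = { 0, 50 };

    long kept = parse_records(&generous, msg, n, recs, 8);
    printf("limit 200: kept=%ld used=%zu\n", kept, generous.used);
    for (long i = 0; i < kept; i++)
        budget_free(&generous, recs[i].data);
    printf("limit 50:  kept=%ld used=%zu\n", parse_records(&tight, msg, n, recs, 8), tight.used);
    return 0;
}
```

The operation-phase mitigation (system resource limits such as `ulimit -v` or a cgroup memory limit) still belongs underneath this: the budget stops one session from taking the process down, while the OS limit stops the process from taking the host down.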

CVE References

  • CVE-2020-36049
    • JavaScript-based packet decoder uses concatenation of many small strings, causing out-of-memory (OOM) condition
  • CVE-2019-20176
    • Product allocates a new buffer on the stack for each file in a directory, allowing stack exhaustion
  • CVE-2013-1591
    • Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.