Description
An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-284
Consequences
Integrity, Availability: DoS: Crash, Exit, or Restart, DoS: Instability, Quality Degradation, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other), Reduce Performance, Reduce Reliability, Unexpected State
Potential Mitigations
Phase: Architecture and Design
Description:
Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors.
Phase: Implementation
Description:
Disallow error injection in modes which are expected to be used for normal run-time operation. Provide access controls on interfaces for injecting errors.
Phase: Integration
Description:
Add an access control layer atop any unprotected interfaces for injecting errors.
CVE References
