CWE-1247 – Improper Protection Against Voltage and Clock Glitches

Read Time:30 Second

Description

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.

Modes of Introduction:

– Operation

 

 

Related Weaknesses

CWE-1384

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Memory, Modify Memory, Execute Unauthorized Code or Commands

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

CVE References

  • CVE-2019-17391
    • Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.