Read Time:34 Second

Description

The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Confidentiality, Integrity, Access Control: Modify Memory, Read Memory, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands

 

Potential Mitigations

Phase: Architecture and Design

Description: 

The translation must map signals in such a way that untrusted agents cannot map to trusted agents or vice-versa.

Phase: Implementation

Description: 

Ensure that the translation maps signals in such a way that untrusted agents cannot map to trusted agents or vice-versa.

CVE References