CWE-1318 - Missing Support for Security Features in On-chip Fabrics or Buses

Read Time:35 Second

Description

On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-693

Consequences

Confidentiality, Integrity, Access Control, Availability: DoS: Crash, Exit, or Restart, Read Memory, Modify Memory

Potential Mitigations

Phase: Architecture and Design

Description:

If fabric does not support security features, implement security checks in a bridge or any component that is between the master and the fabric. Alternatively, connect all fabric slaves that do not have any security assets under one such fabric and connect peripherals with security assets to a different fabric that supports security features.

CVE References

InCWE- 1318, Missing Support for Security Features in On-chip Fabrics or Buses

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...

rocco

February 19, 2023February 19, 2023

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...

rocco

February 19, 2023February 19, 2023

CWE-669 – Incorrect Resource Transfer Between Spheres

Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...

rocco

May 26, 2022