CWE-1328 – Security Version Number Mutable to Older Versions

Read Time:37 Second

Description

Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-285
CWE-757

 

Consequences

Confidentiality, Integrity, Authentication, Authorization: Other

Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS (prevent upgrades).

 

Potential Mitigations

Phase: Architecture and Design

Description: 

When architecting the system, security version data should be designated for storage in registers that are either read-only or have access controls that prevent modification by an untrusted agent.

Phase: Implementation

Description: 

During implementation and test, security version data should be demonstrated to be read-only and access controls should be validated.

CVE References