Tag Archives: CWE- 1253

CWE-1253 – Incorrect Selection of Fuse Values

Read Time:33 Second

Description

The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-693

 

Consequences

Access Control, Authorization: Bypass Protection Mechanism, Gain Privileges or Assume Identity

Availability: DoS: Crash, Exit, or Restart

Confidentiality: Read Memory

Integrity: Modify Memory, Execute Unauthorized Code or Commands

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.

CVE References