Tag Archives: CWE- 1292

CWE-1292 – Incorrect Conversion of Security Identifiers

Read Time:33 Second

Description

The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284
CWE-1294

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Quality Degradation

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Security identifier decoders must be reviewed for design inconsistency and common weaknesses.

Phase: Implementation

Description: 

Access and programming flows must be tested in pre-silicon and post-silicon testing.

CVE References