Tag Archives: CWE- 1317

CWE-1317 – Missing Security Checks in Fabric Bridge

Read Time:47 Second

Description

A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master. Similarly, it does not check the hardware identity of the transaction received from the slave interface of the bridge.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Confidentiality, Integrity, Access Control, Availability: DoS: Crash, Exit, or Restart, Bypass Protection Mechanism, Read Memory, Modify Memory

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Design includes provisions for access-control checks in the bridge for both upstream and downstream transactions.

Phase: Implementation

Description: 

Implement access-control checks in the bridge for both upstream and downstream transactions.

CVE References

  • CVE-2019-6260
    • Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC’s physical address space from the host, and possibly the network [REF-1138].