CWE-1253 - Incorrect Selection of Fuse Values

Description: The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.
Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0. However, if the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state.

Common Consequences: Scope: Access Control, Authorization
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Scope: Confidentiality
Impact: Read Memory
Scope: Integrity
Impact: Modify Memory, Execute Unauthorized Code or Commands

Free security scan for your website

Don't show website scan report rating on the leaderboard

The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.