CWE-1253 - Incorrect Selection of Fuse Values
CWE-1253
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Incorrect Selection of Fuse Values
- Description
The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.
Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0. However, if the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state.
- Common Consequences
Scope: Access Control, Authorization
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Scope: Confidentiality
Impact: Read Memory
Scope: Integrity
Impact: Modify Memory, Execute Unauthorized Code or Commands
- Related Weaknesses
- Release Date:
- 2020-02-24
- Latest Modification Date:
- 2023-06-29
Free security scan for your website