logo

CWE-1328 - Security Version Number Mutable to Older Versions

CWE-1328

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Security Version Number Mutable to Older Versions

Description

Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

A System-on-Chip (SoC) implements secure boot or verified boot. It might support a security version number, which prevents downgrading the current firmware to a vulnerable version. Once downgraded to a previous version, an adversary can launch exploits on the SoC and thus compromise the security of the SoC. These downgrade attacks are also referred to as roll-back attacks. The security version number must be stored securely and persistently across power-on resets. A common weakness is that the security version number is modifiable by an adversary, allowing roll-back or downgrade attacks or, under certain circumstances, preventing upgrades (i.e. Denial-of-Service on upgrades). In both cases, the SoC is in a vulnerable state.

Common Consequences

Scope: Confidentiality, Integrity, Authentication, Authorization

Impact: Other

Notes: Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS (prevent upgrades).

Related Weaknesses
  • Release Date:
  • 2020-12-10
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website