CAPEC-680: Exploitation of Improperly Controlled Registers

Description
An adversary exploits missing or incorrectly configured access control within registers to read/write data that is not meant to be obtained or modified by a user.
Extended Description

Hardware systems often utilize trusted lock bits to prevent a set of registers from being written to or to restrict a register to only being written to once. Registers are also frequently used to store sensitive data leveraged in additional security operations, such as secure booting, authenticating code, device attestation, and more. However, the access control mechanisms meant to protect these registers may be fully missing or ineffective due to misconfiguration. If an adversary is able to discover improper access controls surrounding registers, it could result in the adversary obtaining sensitive data and/or modifying data that is meant to be immutable. This can ultimately result in processes like secure boot being circumvented or in protected configurations being modified.
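The lock-bit and write-once behaviour described above can be checked with a small negative test. This is an added example, not part of the CAPEC entry: the register names, layout and the `sticky_lock` switch are a constructed model, where `sticky_lock = false` stands for a misconfigured block whose lock bit software can clear.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed register block; names and layout are hypothetical. */
enum { REG_LOCK, REG_BOOT_KEY, REG_WO_CFG, NREGS };
enum { V_WRITE_AFTER_LOCK = 1, V_REWRITE_ONCE = 2, V_LOCK_CLEARABLE = 4 };

typedef struct {
    uint32_t val[NREGS];
    bool wo_done;      /* write-once register already programmed */
    bool sticky_lock;  /* false models a lock bit that software can clear */
} regblock;

/* Software write path; returns true when the write is accepted. */
static bool rb_write(regblock *rb, int reg, uint32_t v) {
    bool locked = rb->val[REG_LOCK] & 1u;
    if (reg < 0 || reg >= NREGS) return false;
    if (reg == REG_LOCK && locked && rb->sticky_lock) return false; /* set until reset */
    if (reg == REG_BOOT_KEY && locked) return false;                /* frozen by the lock */
    if (reg == REG_WO_CFG && rb->wo_done) return false;             /* one write only */
    if (reg == REG_WO_CFG) rb->wo_done = true;
    rb->val[reg] = (reg == REG_LOCK) ? (v & 1u) : v;
    return true;
}

/* Provision, lock, then attempt each write that must be refused.
 * Returns a mask of V_* flags; 0 means every control held. */
unsigned audit_lock_controls(bool sticky_lock) {
    regblock rb = { .sticky_lock = sticky_lock };
    unsigned found = 0;
    rb_write(&rb, REG_BOOT_KEY, 0xA5A5A5A5u);  /* constructed value, set before lock */
    rb_write(&rb, REG_WO_CFG, 1u);
    rb_write(&rb, REG_LOCK, 1u);
    if (rb_write(&rb, REG_WO_CFG, 0u)) found |= V_REWRITE_ONCE;
    if (rb_write(&rb, REG_LOCK, 0u)) found |= V_LOCK_CLEARABLE;
    if (rb_write(&rb, REG_BOOT_KEY, 0u)) found |= V_WRITE_AFTER_LOCK;
    return found;
}

int main(void) { return audit_lock_controls(true) != 0; }
```

The same sequence of refused writes can be driven against RTL simulation or a hardware test bench by replacing `rb_write` with the real register access routine.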

Severity: High

Possibility: Medium

Type: Detailed

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Awareness of the hardware being leveraged.
  • Access to the hardware being leveraged.
Skills required

  • High: Intricate knowledge of registers.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Visit http://capec.mitre.org/ for more details.