CAPEC Related Weakness
Accessing Functionality Not Properly Constrained by ACLs
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-693 Protection Mechanism Failure
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-1191 Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization
CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
CWE-1220 Insufficient Granularity of Access Control
CWE-1224 Improper Restriction of Write-Once Bit Fields
CWE-1244 Improper Access to Sensitive Information Using Debug and Test Interfaces
CWE-1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings
CWE-1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents
CWE-1282 Assumed-Immutable Data is Stored in Writable Memory
CWE-1283 Mutable Attestation or Measurement Reporting Data
CWE-1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors
CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface
CWE-1302 Missing Security Identifier
CWE-1311 Improper Translation of Security Attributes by Fabric Bridge
CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime
CWE-1314 Missing Write Protection for Parametric Data Values
CWE-1315 Improper Setting of Bus Controlling Capability in Fabric End-point
CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1320 Improper Protection for Out of Bounds Signal Level Alerts
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1326 Missing Immutable Root of Trust in Hardware
CWE-1327 Binding to an Unrestricted IP Address
Privilege Abuse
CWE-269 Improper Privilege Management
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-1317 Missing Security Checks in Fabric Bridge
Directory Indexing
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-424 Improper Protection of Alternate Path
CWE-425 Direct Request ('Forced Browsing')
CWE-693 Protection Mechanism Failure
CWE-732 Incorrect Permission Assignment for Critical Resource
Using Malicious Files
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-270 Privilege Context Switching Error
CWE-272 Least Privilege Violation
CWE-282 Improper Ownership Management
CWE-285 Improper Authorization
CWE-693 Protection Mechanism Failure
CWE-732 Incorrect Permission Assignment for Critical Resource
Exploiting Incorrectly Configured Access Control Security Levels
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-1190 DMA Device Enabled Too Early in Boot Phase
CWE-1191 Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization
CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
CWE-1220 Insufficient Granularity of Access Control
CWE-1222 Insufficient Granularity of Address Regions Protected by Register Locks
CWE-1224 Improper Restriction of Write-Once Bit Fields
CWE-1231 Improper Implementation of Lock Protection Registers
CWE-1233 Improper Hardware Lock Protection for Security Sensitive Controls
CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
CWE-1244 Improper Access to Sensitive Information Using Debug and Test Interfaces
CWE-1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
CWE-1259 Improper Restriction of Security Token Assignment
CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges
CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings
CWE-1267 Policy Uses Obsolete Encoding
CWE-1270 Generation of Incorrect Security Tokens
CWE-1274 Insufficient Protections on the Volatile Memory Containing Boot Code
CWE-1280 Access Control Check Implemented After Asset is Accessed
CWE-1282 Assumed-Immutable Data is Stored in Writable Memory
CWE-1294 Insecure Security Identifier Mechanism
CWE-1296 Incorrect Chaining or Granularity of Debug Components
CWE-1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors
CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface
CWE-1311 Improper Translation of Security Attributes by Fabric Bridge
CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime
CWE-1315 Improper Setting of Bus Controlling Capability in Fabric End-point
CWE-1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1320 Improper Protection for Out of Bounds Signal Level Alerts
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1326 Missing Immutable Root of Trust in Hardware
Signing Malicious Code
CWE-732 Incorrect Permission Assignment for Critical Resource
Hijacking a privileged process
CWE-648 Incorrect Use of Privileged APIs
CWE-732 Incorrect Permission Assignment for Critical Resource
Reusing Session IDs (aka Session Replay)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-290 Authentication Bypass by Spoofing
CWE-294 Authentication Bypass by Capture-replay
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-488 Exposure of Data Element to Wrong Session
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource
Session Fixation
CWE-384 Session Fixation
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource
Cross Site Request Forgery
CWE-306 Missing Authentication for Critical Function
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-1275 Sensitive Cookie with Improper SameSite Attribute
Replace Binaries
CWE-732 Incorrect Permission Assignment for Critical Resource