CWE-1299 Base Borrador

Missing Protection Mechanism for Alternate Hardware Interface

This vulnerability occurs when a hardware component's security controls only protect the primary access path, leaving alternate interfaces unprotected. Attackers can bypass intended restrictions by…

Definición

What is CWE-1299?

This vulnerability occurs when a hardware component's security controls only protect the primary access path, leaving alternate interfaces unprotected. Attackers can bypass intended restrictions by accessing sensitive assets through these unguarded backdoors, such as shadow registers or other external-facing ports.
Modern chips and Systems-on-Chip (SoCs) often contain multiple access paths to critical internal registers—through interfaces like PCIe, USB, UART, or SMBus. If access controls are only enforced on one primary interface (e.g., PCIe), an attacker can simply route malicious transactions through an alternate, unprotected interface (like UART or USB) to modify or read protected registers, completely bypassing the intended security layer. Another common bypass involves shadow or mirror registers, which are duplicate registers that temporarily hold data before syncing with a main register. These are often implemented for performance or debugging purposes. If these shadow registers lack the same access protections as their primary counterparts, attackers can directly target them to alter system state, compromise security configurations, or leak sensitive information, effectively undermining the chip's entire protection scheme.
Impacto en el mundo real

Real-world CVEs caused by CWE-1299

  • CVE-2022-38399

    Missing protection mechanism on serial connection allows for arbitrary OS command execution.

  • CVE-2020-9285

    Mini-PCI Express slot does not restrict direct memory access.

  • CVE-2020-8004

    When the internal flash is protected by blocking access on the Data Bus (DBUS), it can still be indirectly accessed through the Instruction Bus (IBUS).

  • CVE-2017-18293

    When GPIO is protected by blocking access to corresponding GPIO resource registers, protection can be bypassed by writing to the corresponding banked GPIO registers instead.

  • CVE-2020-15483

    monitor device allows access to physical UART debug port without authentication

Cómo lo explotan los atacantes

Ruta del atacante paso a paso

  1. 1

    Identifica una ruta de código que maneje entrada no confiable sin validación.

  2. 2

    Crea un payload que ejercite el comportamiento inseguro — inyección, traversal, overflow o abuso de lógica.

  3. 3

    Envía el payload a través de una solicitud normal y observa la reacción de la aplicación.

  4. 4

    Itera hasta que la respuesta filtre datos, ejecute código del atacante o escale privilegios.

Ejemplo de código vulnerable

Vulnerable Verilog

Vulnerable Verilog 
assign addr_auth = (address == 32'hF00) ? 1: 0;
Ejemplo de código seguro

Secure Verilog

The bugged line of code is repeated in the Bad example above. The weakness arises from the fact that the SECURE_ME register can be modified by writing to the shadow register COPY_OF_SECURE_ME. The address of COPY_OF_SECURE_ME should also be included in the check. That buggy line of code should instead be replaced as shown in the Good Code Snippet below.

Seguro Verilog 
assign addr_auth = (address == 32'hF00 || address == 32'h800F00) ? 1: 0;
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de prevención

How to prevent CWE-1299

  • Requirements Protect assets from accesses against all potential interfaces and alternate paths.
  • Architecture and Design Protect assets from accesses against all potential interfaces and alternate paths.
  • Implementation Protect assets from accesses against all potential interfaces and alternate paths.
Señales de detección

How to detect CWE-1299

SAST High

Ejecuta análisis estático (SAST) sobre el código buscando el patrón inseguro en el flujo de datos.

DAST Moderate

Ejecuta pruebas dinámicas de seguridad de aplicaciones (DAST) contra el endpoint en vivo.

Runtime Moderate

Vigila los logs en tiempo de ejecución para detectar trazas de excepción inusuales, entradas malformadas o intentos de bypass de autorización.

Code review Moderate

Revisión de código: marca cualquier código nuevo que maneje entrada desde esta superficie sin usar los helpers validados del framework.

Auto-corrección de Plexicus

Plexicus detecta automáticamente CWE-1299 y abre un PR de corrección en menos de 60 segundos.

Codex Remedium escanea cada commit, identifica esta debilidad concreta y entrega un pull request listo para revisión con el parche. Sin tickets. Sin traspasos.

Solicitar demo Probar Plexicus gratis
Preguntas frecuentes

Frequently asked questions

¿Qué es CWE-1299?

This vulnerability occurs when a hardware component's security controls only protect the primary access path, leaving alternate interfaces unprotected. Attackers can bypass intended restrictions by accessing sensitive assets through these unguarded backdoors, such as shadow registers or other external-facing ports.

¿Qué gravedad tiene CWE-1299?

MITRE no ha publicado una calificación de probabilidad de explotación para esta debilidad. Trátala como de impacto medio hasta que tu modelo de amenazas demuestre lo contrario.

¿Qué lenguajes o plataformas se ven afectados por CWE-1299?

MITRE lists the following affected platforms: Not OS-Specific, Not Architecture-Specific, Microcontroller Hardware, Processor Hardware, Bus/Interface Hardware, Not Technology-Specific.

¿Cómo puedo prevenir CWE-1299?

Protect assets from accesses against all potential interfaces and alternate paths. Protect assets from accesses against all potential interfaces and alternate paths.

¿Cómo detecta y corrige Plexicus CWE-1299?

El motor SAST de Plexicus detecta la firma de flujo de datos para CWE-1299 en cada commit. Cuando hay coincidencia, nuestro agente Codex Remedium abre un PR de corrección con el código corregido, las pruebas y un resumen de una línea para el revisor.

¿Dónde puedo aprender más sobre CWE-1299?

MITRE publica la definición canónica en https://cwe.mitre.org/data/definitions/1299.html. También puedes consultar la documentación de OWASP y NIST para guías relacionadas.

Debilidades relacionadas

Weaknesses related to CWE-1299

CWE-420 Padre

Unprotected Alternate Channel

This vulnerability occurs when an application secures its main communication path but leaves a backup or alternative channel with weaker…

CWE-421 Hermano

Race Condition During Access to Alternate Channel

A race condition occurs when an application opens a secondary communication channel intended for an authorized user, but fails to secure…

CWE-422 Hermano

Unprotected Windows Messaging Channel ('Shatter')

This vulnerability, often called a 'Shatter' attack, occurs when a Windows application running with high privileges accepts messages from…

CWE-1191 Par

On-Chip Debug and Test Interface With Improper Access Control

This vulnerability occurs when a hardware chip's debug or test interface (like JTAG) lacks proper access controls. Without correct…

Recursos

Further reading

Listo cuando tú lo estés

Deja de pagar por desarrollador.
Empieza a cerrar el bucle.

Plexicus es el ASPM nativo de IA que escanea, filtra, corrige, pentestea y explica — de forma autónoma. Desarrolladores ilimitados, repos ilimitados, acciones de IA de uso justo. Nivel gratuito real, €269/mo anual cuando estés listo.

Comenzar gratis Reservar una demo