CWE-1244 — Vulnerability Class (10)

10 vulnerabilities classified as CWE-1244. AI Chinese analysis included.

CWE-1244 represents a configuration weakness where internal system assets are incorrectly assigned to an overly permissive debug access level, exposing them to untrusted debug agents. This vulnerability typically arises when developers fail to restrict physical debug interfaces, such as JTAG or SWD, to appropriate security states during production. Attackers exploit this misconfiguration by connecting unauthorized hardware debuggers to the device, bypassing standard authentication mechanisms to read sensitive memory, extract cryptographic keys, or modify firmware. To prevent this, developers must enforce strict hardware security features, such as enabling readout protection or locking debug ports after manufacturing. Additionally, implementing secure boot processes and ensuring that debug interfaces are physically disabled or logically restricted in production builds are critical measures to mitigate the risk of unintended access to critical internal assets.

MITRE CWE Description
The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents. Debug authorization can have multiple levels of access, defined such that different system internal assets are accessible based on the current authorized debug level. Other than debugger authentication (e.g., using passwords or challenges), the authorization can also be based on the system state or boot stage. For example, full system debug access might only be allowed early in boot after a system reset to ensure that previous session data is not accessible to the authenticated debugger.
Common Consequences (3)
Confidentiality: Read Memory
If a protection mechanism does not ensure that internal assets have the correct debug access level during each boot stage or change in system state, an attacker could obtain sensitive information from the internal asset using a debugger.
Integrity: Modify Memory
Authorization, Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism
Mitigations (3)
Architecture and Design, Implementation: For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents.
Effectiveness: High
Architecture and Design: Apply blinding [REF-1219] or masking techniques in strategic areas.
Effectiveness: Limited
Implementation: Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.
Effectiveness: Limited
Examples (2)
The JTAG interface is used to perform debugging and provide CPU core access for developers. JTAG-access protection is implemented as part of the JTAG_SHIELD bit in the hw_digctl_ctrl register. This register has no default value at power up and is set only after the system boots from ROM and control is transferred to the user software.
JTAG_SHIELD (1 bit):
    0x0 = JTAG debugger is enabled (default)
    0x1 = JTAG debugger is disabled
Bad · Other
The default value of this register bit should be set to 1 to prevent the JTAG from being enabled at system reset.
Informative
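The fix described above, as an added example (not MITRE's code or any vendor's RTL): a register whose JTAG_SHIELD bit resets to 1, with a self-checking testbench that fails if the debug port is open before software writes the bit. The module name, ports, 32-bit width and bit position are assumptions.

```systemverilog
// Added example. Only JTAG_SHIELD and hw_digctl_ctrl come from the text above;
// module name, ports, 32-bit width and bit position are assumptions.
module hw_digctl_ctrl_reg #(
  parameter int JTAG_SHIELD_BIT = 0            // assumed bit position
) (
  input  logic        clk_i,
  input  logic        rst_ni,                  // active-low asynchronous reset
  input  logic        wr_en_i,                 // software write strobe
  input  logic [31:0] wdata_i,
  output logic        jtag_shield_o,           // 1 = JTAG debugger disabled
  output logic        jtag_enable_o            // gate for the debug port
);
  // Reset value 1: the debugger is locked out as soon as reset asserts,
  // not only after boot software gets around to writing the bit.
  always_ff @(posedge clk_i or negedge rst_ni) begin
    if (!rst_ni)      jtag_shield_o <= 1'b1;
    else if (wr_en_i) jtag_shield_o <= wdata_i[JTAG_SHIELD_BIT];
  end
  assign jtag_enable_o = ~jtag_shield_o;
endmodule

// Self-checking testbench: fails if the port is open before software writes 0.
module tb;
  logic        clk = 1'b0, rst_n = 1'b1, wr_en = 1'b0;
  logic [31:0] wdata = '0;
  logic        shield, jtag_en;

  hw_digctl_ctrl_reg dut (
    .clk_i(clk), .rst_ni(rst_n), .wr_en_i(wr_en), .wdata_i(wdata),
    .jtag_shield_o(shield), .jtag_enable_o(jtag_en));

  always #5 clk = ~clk;

  initial begin
    #2 rst_n = 1'b0;                           // assert reset
    #1 if (jtag_en !== 1'b0) $fatal(1, "JTAG enabled while in reset");
    #20 rst_n = 1'b1;                          // release reset, no writes yet
    repeat (3) @(posedge clk);
    if (jtag_en !== 1'b0) $fatal(1, "JTAG enabled before any software write");
    @(negedge clk) begin wr_en = 1'b1; wdata = 32'h0; end  // explicit unlock
    @(negedge clk) wr_en = 1'b0;
    if (jtag_en !== 1'b1) $fatal(1, "write of 0 did not enable JTAG");
    $display("PASS: JTAG_SHIELD resets to 1");
    $finish;
  end
endmodule
```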
The example code below is taken from the CVA6 processor core of the HACK@DAC'21 buggy OpenPiton SoC. Debug access allows users to access internal hardware registers that are otherwise not exposed for user access or restricted access through access control protocols. Hence, requests to enter debug mode are checked and authorized only if the processor has sufficient privileges. In addition, debug ac…
    module csr_regfile #(
    ...
        // check that we actually want to enter debug depending on the privilege level we are currently in
        unique case (priv_lvl_o)
            riscv::PRIV_LVL_M: begin
                debug_mode_d = dcsr_q.ebreakm;
            ...
            riscv::PRIV_LVL_U: begin
                debug_mode_d = dcsr_q.ebreaku;
            ...
        // '||': either signal alone selects PRIV_LVL_M
        assign priv_lvl_o = (debug_mode_q || umode_i) ? riscv::PRIV_LVL_M : priv_lvl_q;
        ...
        debug_mode_q <= debug_mode_d;
    ...
Bad · Verilog
    module csr_regfile #(
    ...
        // check that we actually want to enter debug depending on the privilege level we are currently in
        unique case (priv_lvl_o)
            riscv::PRIV_LVL_M: begin
                debug_mode_d = dcsr_q.ebreakm;
            ...
            riscv::PRIV_LVL_U: begin
                debug_mode_d = dcsr_q.ebreaku;
            ...
        // '&&': both signals must be set to select PRIV_LVL_M
        assign priv_lvl_o = (debug_mode_q && umode_i) ? riscv::PRIV_LVL_M : priv_lvl_q;
        ...
        debug_mode_q <= debug_mode_d;
    ...
Good · Verilog
CVE ID | Title | CVSS | Severity | Published
CVE-2025-36755 | CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard — BlueOne (CleverDisplay Hardware Player) | 2.4 (AI) | Low (AI) | 2025-12-12
CVE-2025-42878 | Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM) — SAP Web Dispatcher and Internet Communication Manager (ICM) | 8.2 | High | 2025-12-09
CVE-2025-23337 | NVIDIA multiple products security vulnerability — HGX GB200, HGX GB300, HGC B300 | 6.7 | Medium | 2025-09-17
CVE-2025-23302 | NVIDIA DGX and NVIDIA HGX security vulnerability — HGX, DGX Hopper | 4.2 | Medium | 2025-09-04
CVE-2025-23301 | NVIDIA DGX and NVIDIA HGX security vulnerability — HGX, DGX Hopper | 4.2 | Medium | 2025-09-04
CVE-2025-20238 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 6.0 | Medium | 2025-08-14
CVE-2025-23252 | NVIDIA NVDebug tool security vulnerability — NVDebug tool | 4.5 | Medium | 2025-06-18
CVE-2024-0114 | NVIDIA Hopper HGX 8-GPU security vulnerability — NVIDIA Hopper HGX 8-GPU | 8.1 | High | 2025-03-05
CVE-2022-32259 | Siemens SINEMA Remote Connect Server security vulnerability — SINEMA Remote Connect Server | 6.5 | Medium | 2022-06-14
CVE-2020-5372 | Dell EMC PowerStore security vulnerability — PowerStore | 8.6 | High | 2020-07-06

Vulnerabilities classified as CWE-1244 represent 10 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.