
CWE-1259 vulnerability list (6)

Summary of the 6 CVE entries associated with the CWE-1259 weakness class, with AI-generated Chinese analysis.

CWE-1259 covers improper restriction of Security Token assignment, a weakness typical of systems-on-chip (SoC). An attacker typically steals or forges a token that is not properly protected in order to impersonate a legitimate entity and perform unauthorized operations, thereby bypassing access control. Developers should avoid exposing tokens in plaintext in transit or at rest, apply strict cryptographic protection and integrity checks, and limit token lifetime and scope so that only authorized entities can use valid credentials.

MITRE CWE official description
CWE-1259: Improper Restriction of Security Token Assignment. Summary: the System-on-Chip (SoC) implements a Security Token mechanism to differentiate which actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected. Extended description: systems-on-chip (integrated circuits and hardware engines) implement Security Tokens to differentiate and identify which actions originate from which agent. These actions may be one of the following: read, write, program, reset, fetch, compute, etc. Security Tokens are assigned to every agent in the system that is capable of generating an action or receiving an action from another agent. Multiple Security Tokens may be assigned to an agent, and they may be unique based on the agent's trust level or allowed privileges. Because Security Tokens are essential to maintaining SoC security, they must be properly protected. A common weakness affecting Security Tokens is improper restriction of the tokens assigned to trusted components.
Common consequences (1)
Scope: Confidentiality, Integrity, Availability, Access Control. Impact: Modify Files or Directories; Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Gain Privileges or Assume Identity; Modify Memory; DoS: Crash, Exit, or Restart.
An improperly protected Security Token may be able to be programmed by a malicious agent (i.e., the Security Token is mutable) to spoof the action as if it originated from a trusted agent.
Mitigations (1)
Phase: Architecture and Design, Implementation. Security Token assignment review checks for design inconsistency and common weaknesses. The Security Token definition and programming flow is tested in both pre-silicon and post-silicon testing.
Code example (1)
Bad (Other): For example, consider a system with a register for storing an AES key for encryption and decryption. The key is of 128 bits implemented as a set of four 32-bit registers. The key register assets have an associated control register, AES_KEY_ACCESS_POLICY, which provides the necessary access controls. This access-policy register defines which agents may engage in a transaction, and the type of trans…
The Aux-controller could program its Security Token to "1" from "2".
Good (Other): The SoC needs to protect the Security Tokens. None of the agents in the SoC should have the ability to change the Security Token.
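The following C model is an added illustration of the pre-silicon check the mitigation above calls for; it is not code from MITRE or from this platform. It assumes a hypothetical two-agent SoC ("Main-controller" holding token 1 and "Aux-controller" holding token 2), an AES_KEY_ACCESS_POLICY register modelled as a bitmask of tokens allowed to write the key, and a `token_mutable` flag that switches between the bad design (an agent can reprogram its own token) and the good design (tokens are fixed at reset). The audit walks every agent that the policy does not trust, attempts to move its token to the trusted value, and counts how many agents end up able to reach the key register.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_AGENTS 2

/* Hypothetical token values for the two agents (constructed for this example). */
enum { TOKEN_CPU = 1, TOKEN_AUX = 2 };

typedef struct {
    const char *name;
    uint32_t token;       /* the agent's Security Token */
    bool token_mutable;   /* true: agent may reprogram its own token (the bad design) */
} agent_t;

typedef struct {
    uint32_t aes_key[4];              /* 128-bit key as four 32-bit registers */
    uint32_t aes_key_access_policy;   /* bit n set => token n may write the key registers */
} soc_regs_t;

/* Models the token-programming interface. In the good design this is a no-op
 * because no agent in the SoC may change a Security Token. */
static bool program_token(agent_t *a, uint32_t new_token) {
    if (!a->token_mutable) return false;
    a->token = new_token;
    return true;
}

/* Access check on the key registers driven by AES_KEY_ACCESS_POLICY. */
static bool write_aes_key(soc_regs_t *soc, const agent_t *a, const uint32_t key[4]) {
    if (a->token >= 32 || !(soc->aes_key_access_policy & (1u << a->token))) return false;
    memcpy(soc->aes_key, key, sizeof soc->aes_key);
    return true;
}

/* Pre-silicon style audit: for each agent the policy does not trust, try to
 * reprogram its token to the trusted value and then try a key write.
 * Returns the number of agents for which token protection failed. */
int audit_token_protection(agent_t *agents, int n, soc_regs_t *soc, uint32_t trusted_token) {
    static const uint32_t probe_key[4] = {0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u};
    int violations = 0;
    for (int i = 0; i < n; i++) {
        uint32_t original = agents[i].token;
        bool trusted_by_design = (soc->aes_key_access_policy >> original) & 1u;
        if (trusted_by_design) continue;   /* this agent is meant to have access */
        bool changed = program_token(&agents[i], trusted_token);
        bool wrote = write_aes_key(soc, &agents[i], probe_key);
        if (changed || wrote) {
            printf("VIOLATION: %s (token mutable=%d, key write succeeded=%d)\n",
                   agents[i].name, changed, wrote);
            violations++;
        }
        agents[i].token = original;        /* restore state for the next agent */
    }
    return violations;
}

/* Builds the page's scenario for either design and runs the audit.
 * Returns 1 for the mutable-token design, 0 for the protected design. */
int run_design(bool tokens_mutable) {
    agent_t agents[NUM_AGENTS] = {
        {"Main-controller", TOKEN_CPU, tokens_mutable},   /* hypothetical trusted agent */
        {"Aux-controller",  TOKEN_AUX, tokens_mutable},
    };
    soc_regs_t soc = { {0}, 1u << TOKEN_CPU };   /* policy: only token 1 may write the key */
    return audit_token_protection(agents, NUM_AGENTS, &soc, TOKEN_CPU);
}

int main(void) {
    printf("mutable tokens: %d violation(s)\n", run_design(true));
    printf("fixed tokens:   %d violation(s)\n", run_design(false));
    return 0;
}
```

The audit deliberately checks two things separately: whether the token could be changed at all, and whether a key write then succeeded. A design passes only when both are false for every untrusted agent, which is the property the "Good" variant above states in prose.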
CVE ID            Title                                                        CVSS       Risk level   Published
CVE-2026-25700    Apache Answer security vulnerability — Apache Answer         -          -            2026-06-10
CVE-2026-40264    OpenBao security vulnerability — openbao                     8.1 (AI)   High (AI)    2026-04-21
CVE-2024-45448    Huawei HarmonyOS security vulnerability — HarmonyOS          4.1        Medium       2024-09-04
CVE-2024-41948    biscuit-java security vulnerability — biscuit-java           3.0        Low          2024-08-01
CVE-2024-36111    KubePi security vulnerability — KubePi                       6.3        Medium       2024-07-25
CVE-2022-23551    AAD Pod Identity security vulnerability — aad-pod-identity   5.3        Medium       2022-12-21

CWE-1259 is a common weakness class; this platform has collected 6 CVE vulnerabilities associated with it.