
CWE-1320 Vulnerability List (6)

Summary of the 6 CVE vulnerabilities for weakness CWE-1320, with AI analysis in Chinese.

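CWE-1320 covers systems that fail to properly protect outbound error messages and alert signals; it is an information-disclosure or integrity-compromise class of vulnerability. Attackers commonly tamper with hardware sensor thresholds or disable alert mechanisms to hide the fact that a device is operating beyond its design limits, thereby evading monitoring or causing potential failures. Developers should strictly restrict permission to modify thresholds by means of hardware fuses or trusted software (such as the BIOS), and should implement integrity checks so that alert signals are protected from unauthorized interference or tampering during transmission and processing.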

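MITRE CWE official description
CWE: CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals
Untrusted agents can disable alerts about signal conditions exceeding limits, or the response mechanism that handles such alerts. Hardware sensors are used to detect whether a device is operating within design limits. The thresholds for these limits are set by hardware fuses or trusted software such as the BIOS. Modification of these limits may be protected by hardware mechanisms. When device sensors detect out-of-bounds conditions, alert signals may be generated for remedial action, which may take the form of device shutdown or throttling. Warning signals that are not properly protected may be disabled or used to generate spurious alerts, causing degraded performance or denial of service (DoS). These alerts can be masked by untrusted software. Examples of these alerts are thermal and power sensor alerts.
Common consequences (1)
Availability: DoS: Instability, DoS: Crash, Exit, or Restart, Reduce Reliability, Unexpected State
Mitigations (1)
Architecture and Design: Alert signals generated by critical events should be protected from access by untrusted agents. Only hardware or trusted firmware modules should be able to alter the alert configuration.
Code examples (1)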
Consider a platform design where a Digital-Thermal Sensor (DTS) is used to monitor temperature and compare that output against a threshold value. If the temperature output equals or exceeds the threshold value, the DTS unit sends an alert signal to the processor. The processor, upon getting the alert input, triggers system shutdown. The alert signal is handled as a General-Purpose-I/O (GPIO…
The processor-GPIO controller exposes software-programmable controls that allow untrusted software to reprogram the state of the GPIO pin.
Bad · Other
The GPIO alert-signal pin is blocked from untrusted software access and is controlled only by trusted software, such as the System BIOS.
Good · Other
CVE ID | Title | CVSS | Risk level | Published
CVE-2023-5635 | ArslanSoft Education Portal security vulnerability — Education Portal | 7.5 | High | 2023-12-01
CVE-2023-5443 | Infodrom Software E-Invoice Approval System security vulnerability — E-invoice | 7.5 | High | 2023-10-27
CVE-2023-5570 | Inohom Home Manager Gateway security vulnerability — Home Manager Gateway | 7.5 | High | 2023-10-27
CVE-2023-1014 | Virames Vira-Investing security vulnerability — Vira-Investing | 7.5 | High | 2023-03-30
CVE-2023-0839 | ProMIS inSCADA security vulnerability — inSCADA | 9.8 | Critical | 2023-03-06
CVE-2022-2319 | xorg-x11-server security vulnerability — xorg-x11-server | 7.8 | - | 2022-09-01

CWE-1320 is a common weakness category; this platform lists 6 CVE vulnerabilities associated with it.