CWE-1253: Incorrect Selection of Fuse Values

The logic level used to set a system to a secure state relies on a fuse being unblown.

CWE-1253 · Base Level · 1 Mitigation

Description

The logic level used to set a system to a secure state relies on a fuse being unblown.

Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0; when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, a fuse cannot be reset to logic 0.

Potential Impact

Scope: Access Control, Authorization
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity

Scope: Availability
Impact: DoS: Crash, Exit, or Restart

Scope: Confidentiality
Impact: Read Memory

Scope: Integrity
Impact: Modify Memory, Execute Unauthorized Code or Commands

Mitigations & Prevention

Architecture and Design

Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.
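
The polarity choice described above can be checked at design review. The following C model is an added example, not part of the CWE entry; the 4-bit fuse bank, the FUSE_DEBUG bit and all function names are assumptions made for illustration. It counts the single-fuse blows that move a secure state to an insecure one under each encoding.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FUSE_BITS  4u           /* constructed 4-bit fuse bank (assumption) */
#define FUSE_DEBUG (1u << 0)    /* hypothetical fuse governing debug access */

typedef bool (*secure_fn)(uint32_t fuses);

/* One-directional programming: a bit can go 0 -> 1, never back. */
static uint32_t blow_fuse(uint32_t fuses, uint32_t bit) { return fuses | bit; }

/* Weak: the secure state (debug locked) is encoded as the fuse being unblown. */
static bool locked_weak(uint32_t fuses) { return (fuses & FUSE_DEBUG) == 0; }

/* Hardened: the secure state is encoded as the fuse being blown. */
static bool locked_hardened(uint32_t fuses) { return (fuses & FUSE_DEBUG) != 0; }

/* Design-review check: count (state, bit) pairs where blowing one more fuse
 * turns a secure state into an insecure one. Zero means no blow can unlock. */
static unsigned insecure_transitions(secure_fn is_secure)
{
    unsigned count = 0;
    for (uint32_t s = 0; s < (1u << FUSE_BITS); s++) {
        for (uint32_t b = 0; b < FUSE_BITS; b++) {
            uint32_t next = blow_fuse(s, 1u << b);
            if (next != s && is_secure(s) && !is_secure(next))
                count++;
        }
    }
    return count;
}

int main(void)
{
    printf("weak encoding:     %u insecure transitions\n",
           insecure_transitions(locked_weak));
    printf("hardened encoding: %u insecure transitions\n",
           insecure_transitions(locked_hardened));
    return 0;
}
```

With the hardened encoding, an unprogrammed part starts unlocked and becomes locked only when the fuse is blown at provisioning, so the lock step has to be part of the manufacturing flow.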

Frequently Asked Questions

What is CWE-1253?

CWE-1253 (Incorrect Selection of Fuse Values) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The logic level used to set a system to a secure state relies on a fuse being unblown.

How can CWE-1253 be exploited?

Attackers can exploit CWE-1253 (Incorrect Selection of Fuse Values) to bypass protection mechanisms, gain privileges, or assume an identity. This weakness is typically introduced during the Architecture and Design and Implementation phases of software development.

How do I prevent CWE-1253?

The key mitigation is to design logic in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.

What is the severity of CWE-1253?

CWE-1253 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.