Description
The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.
Without the ability to patch or update firmware, consumers will be left vulnerable to exploitation of any known vulnerabilities, or any vulnerabilities that are discovered in the future. This can expose consumers to permanent risk throughout the entire lifetime of the device, which could be years or decades. Some external protective measures and mitigations might be employed to aid in preventing or reducing the risk of malicious attack, but the root weakness cannot be corrected.
Potential Impact
Confidentiality, Integrity, Access Control, Authentication, Authorization
Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart
Demonstrative Examples
The refrigerator has no means of patching and is hacked, becoming a spewer of email spam.The device automatically patches itself and provides considerable more protection against being hacked.Mitigations & Prevention
Specify requirements to include the ability to update the firmware. Include integrity checks and authentication to ensure that untrusted firmware cannot be installed.
Design the device to allow for updating the firmware. Ensure that the design specifies how to distribute the updates and ensure their integrity and authentication.
Implement the necessary functionality to allow the firmware to be updated.
Detection Methods
- Manual Analysis High — Create a new installable boot image of the current build with a minor version number change. Use the standard installation method to update the boot image. Verify that the minor version number has changed. Create a fake image. Verify that the boot updater will not install the fake image and generate
- Architecture or Design Review Moderate — Check the consumer or maintainer documentation, the architecture/design documentation, or the original requirements to ensure that the documentation includes details for how to update the firmware.
- Manual Dynamic Analysis High — Determine if there is a lack of a capability to update read-only memory (ROM) structure. This could manifest as a difference between the latest firmware version and the current version within the device.
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2020-9054 | Chain: network-attached storage (NAS) device has a critical OS command injection (CWE-78) vulnerability that is actively exploited to place IoT devices into a botnet, but some products are "end-of-sup |
| [REF-1095] | A hardware "smart lock" has weak key generation that allows attackers to steal the key by BLE sniffing, but the device's firmware cannot be upgraded and hence remains vulnerable [REF-1095]. |
Related Weaknesses
Frequently Asked Questions
What is CWE-1277?
CWE-1277 (Firmware Not Updateable) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.
How can CWE-1277 be exploited?
Attackers can exploit CWE-1277 (Firmware Not Updateable) to gain privileges or assume identity, bypass protection mechanism, execute unauthorized code or commands, dos: crash, exit, or restart. This weakness is typically introduced during the Requirements, Architecture and Design, Implementation phase of software development.
How do I prevent CWE-1277?
Key mitigations include: Specify requirements to include the ability to update the firmware. Include integrity checks and authentication to ensure that untrusted firmware cannot be installed.
What is the severity of CWE-1277?
CWE-1277 is classified as a Base-level weakness (Medium abstraction). It has been observed in 2 real-world CVEs.