CWE-1334: Unauthorized Error Injection Can Degrade Hardware Redundancy

An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.

Description

To ensure the performance and functional reliability of certain components, hardware designers can implement hardware blocks for redundancy in the case that others fail. This redundant block can be prevented from performing as intended if the design allows unauthorized agents to inject errors into it. In this way, a path with injected errors may become unavailable to serve as a redundant channel. This may put the system into a degraded mode of operation which could be exploited by a subsequent attack.

Potential Impact

Integrity, Availability

DoS: Crash, Exit, or Restart; DoS: Instability; Quality Degradation; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Resource Consumption (Other); Reduce Performance; Reduce Reliability; Unexpected State

Mitigations & Prevention

Architecture and Design

Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors.

Implementation

Disallow error injection in modes which are expected to be used for normal run-time operation. Provide access controls on interfaces for injecting errors.

Integration

Add an access control layer atop any unprotected interfaces for injecting errors.
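
The mitigations above, sketched as an added C model that is not part of the CWE entry: an error-injection interface for a two-channel redundant block, shown unprotected and then gated on agent authorization and operating mode. All type and function names are hypothetical, and the sticky lock set on leaving test mode is an assumption about one way to keep injection out of normal run-time operation.

```c
#include <stdbool.h>

/* Constructed model with hypothetical names (not from the CWE entry):
   two redundant channels and a diagnostic error-injection interface. */
typedef enum { MODE_TEST, MODE_RUNTIME } op_mode_t;
typedef enum { AGENT_UNTRUSTED, AGENT_DEBUG_AUTH } agent_t;
typedef struct {
    op_mode_t mode;
    bool inject_locked;    /* sticky lock, set on entry to run-time mode */
    bool chan_faulted[2];  /* per-channel injected-fault latch */
} redundant_blk_t;

/* Weak design: any agent can fault a channel in any mode. */
bool inject_unprotected(redundant_blk_t *b, agent_t who, unsigned ch) {
    (void)who;                       /* requester identity is never checked */
    if (ch < 2) b->chan_faulted[ch] = true;
    return ch < 2;
}

/* Hardened: authorized agent only, test mode only, interface not locked. */
bool inject_protected(redundant_blk_t *b, agent_t who, unsigned ch) {
    if (ch > 1 || who != AGENT_DEBUG_AUTH) return false;
    if (b->mode != MODE_TEST || b->inject_locked) return false;
    b->chan_faulted[ch] = true;
    return true;
}

/* Leaving test mode clears injected faults and locks the interface. */
void enter_runtime(redundant_blk_t *b) {
    b->chan_faulted[0] = b->chan_faulted[1] = false;
    b->mode = MODE_RUNTIME;
    b->inject_locked = true;
}

/* Redundancy exists only while both channels are healthy. */
bool redundancy_available(const redundant_blk_t *b) {
    return !b->chan_faulted[0] && !b->chan_faulted[1];
}

/* Untrusted agent requests injection at run time; is redundancy intact? */
bool redundancy_after_runtime_request(bool hardened) {
    redundant_blk_t b = { MODE_TEST, false, { false, false } };
    enter_runtime(&b);
    (hardened ? inject_protected : inject_unprotected)(&b, AGENT_UNTRUSTED, 1);
    return redundancy_available(&b);
}

int main(void) {
    return redundancy_after_runtime_request(true) ? 0 : 1; /* 0: gate held */
}
```
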

Frequently Asked Questions

What is CWE-1334?

CWE-1334 (Unauthorized Error Injection Can Degrade Hardware Redundancy) is a hardware weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.

How can CWE-1334 be exploited?

Attackers can exploit CWE-1334 (Unauthorized Error Injection Can Degrade Hardware Redundancy) to cause the following impacts: DoS: Crash, Exit, or Restart; DoS: Instability; Quality Degradation; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Resource Consumption (Other); Reduce Performance; Reduce Reliability; Unexpected State. This weakness is typically introduced during the Architecture and Design, Implementation, and Integration phases of development.

How do I prevent CWE-1334?

Key mitigations include: Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors.

What is the severity of CWE-1334?

CWE-1334 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.