CWE-1320
Improper Protection for Outbound Error Messages and Alert Signals
Description
Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts.
{"xhtml:p":["Hardware sensors are used to detect whether a device is operating within design limits. The threshold values for these limits are set by hardware fuses or trusted software such as a BIOS. \n\t\t\t\tModification of these limits may be protected by hardware mechanisms.","When device sensors detect out of bound conditions, alert signals may be generated for remedial action, which may take the form of device shutdown or throttling.","Warning signals that are not properly secured may be disabled or used to generate spurious alerts, causing degraded performance or denial-of-service (DoS).\n\t\t\t\tThese alerts may be masked by untrusted software. Examples of these alerts involve thermal and power sensor alerts."]}
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
DoS: Instability, DoS: Crash, Exit, or Restart, Reduce Reliability, Unexpected State
Potential Mitigations
Alert signals generated by critical events should be protected from access by untrusted agents. Only hardware or trusted firmware modules should be able to alter the alert configuration.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now