CWE-1272 2 CVEs MITRE definition ↗

CWE-1272: Sensitive Information Uncleared Before Debug/Power State Transition

Overview

CWE-1272 (Sensitive Information Uncleared Before Debug/Power State Transition) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language VHDL Undetermined
language Verilog Undetermined
language Hardware Description Language Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2023-41967 2023-12-18 Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical ac…
CVE-2020-22656 2023-01-20 In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3…

Previous names

  • Debug/Power State Transitions Leak Information (2020-08-20)

Content submission

Name
Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi
Organization
Intel Corporation
Date
2020-05-31
Version
4.1

Content modifications

Date Name Version Importance Comment
2020-08-20 CWE Content Team 4.2 updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships
2021-03-15 CWE Content Team 4.4 updated Functional_Areas
2021-10-28 CWE Content Team 4.6 updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities
2022-10-13 CWE Content Team 4.9 updated Applicable_Platforms
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-04-03 CWE Content Team 4.17 updated Demonstrative_Examples
2025-09-09 CWE Content Team 4.18 updated References, Relationships
cvelogic Threat Intelligence