CWE-1244 12 件の CVE MITRE の定義 ↗

CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

概要

CWE-1244(Internal Asset Exposed to Unsafe Debug Access Level or State)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響
セキュリティ影響:製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

適用プラットフォーム

種別 名称 クラス 普遍性 OS / CPE
language Not Language-Specific Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology System on Chip Undetermined

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE 公開 概要
CVE-2025-67862 2026-06-09 An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.1…
CVE-2026-29642 2026-04-20 A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions …
CVE-2025-36755 2025-12-12 The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing …
CVE-2025-42878 2025-12-09 SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted req…
CVE-2025-23337 2025-09-17 NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an admin…
CVE-2025-23302 2025-09-04 NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to d…
CVE-2025-23301 2025-09-04 NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to …
CVE-2025-20238 2025-08-14 A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbi…
CVE-2025-23252 2025-06-17 The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2024-0114 2025-03-04 NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator…
CVE-2022-32259 2022-06-14 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensi…
CVE-2020-5372 2020-07-06 Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of S…

旧名称

  • Improper Authorization on Physical Debug and Test Interfaces (2020-08-20)
  • Improper Access to Sensitive Information Using Debug and Test Interfaces (2021-10-28)

コンテンツ投稿

名称
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
組織
Intel Corporation
日付
2020-02-12
バージョン
4.0

コンテンツの変更履歴

日付 名称 バージョン 重要度 コメント
2020-08-20 CWE Content Team 4.2 updated Demonstrative_Examples, Name, Observed_Examples, Related_Attack_Patterns
2021-03-15 CWE Content Team 4.4 updated Maintenance_Notes
2021-10-28 CWE Content Team 4.6 updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Weakness_Ordinalities
2022-04-28 CWE Content Team 4.7 updated Related_Attack_Patterns
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-02-29 CWE Content Team 4.14 updated Demonstrative_Examples, References
2025-09-09 CWE Content Team 4.18 updated References, Relationships
2025-12-11 CWE Content Team 4.19 updated Common_Consequences, Description

貢献

タイプ 名称 日付 コメント
Content Hareesh Khattri 2021-10-22 clarified differences between CWE-1191 and CWE-1244, and suggested rephrasing of descriptions and names.
Content Chen Chen, Rahul Kande, Jeyavijayan Rajendran 2023-11-07 suggested demonstrative example
Content Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi 2023-11-07 suggested demonstrative example
cvelogic Threat Intelligence