Missing Protection Mechanism for Alternate Hardware Interface

CVE-2021-3788

Medium

6.8/10

Summary

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface

The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.

References

Advisory Timeline

Published Nov 12, 2021

Missing Protection Mechanism for Alternate Hardware Interface

CVE-2021-3788

Summary

CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS