Missing Protection Mechanism for Alternate Hardware Interface

CVE-2024-39723

Medium

4.6/10

Summary

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface

The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.

References

Advisory Timeline

Published Jul 08, 2024

Missing Protection Mechanism for Alternate Hardware Interface

CVE-2024-39723

Summary

CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS