CVEbaza.plSłownik CWECWE-1283
Common Weakness Enumeration

CWE-1283

Mutable Attestation or Measurement Reporting Data

Kategoria: BaseCVE: 4
Opis

Zawartość rejestrów używanych do poświadczenia lub raportowania danych pomiarowych w celu weryfikacji sekwencji rozruchu mogą być modyfikowane przez przeciwnika. Stanowi to zagrożenie dla integralności procesu weryfikacji boot flow.

Description (EN)

The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.

Podatności CVE z CWE-1283 (4)
4.6
CVSS
MEDIUM
CVE-2022-1740

The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device.

pub. 2022-06-24
4.3
CVSS
MEDIUM
CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.

pub. 2024-06-28
2.3
CVSS
LOW
CVE-2023-3674

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

pub. 2023-07-19
Informacje
ID: CWE-1283
Typ: Base
Podatności: 4
MITRE CWE ↗
← Słownik CWE