CWE-1244
AllowedInternal Asset Exposed to Unsafe Debug Access Level or State
Abstraction: Base · Status: Stable
The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.
22 vulnerabilities reference this CWE, most recent first.
GHSA-JMQM-X5RX-7564
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-09-05 18:31NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-23302"
],
"database_specific": {
"cwe_ids": [
"CWE-1244"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T16:15:35Z",
"severity": "MODERATE"
},
"details": "NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.",
"id": "GHSA-jmqm-x5rx-7564",
"modified": "2025-09-05T18:31:15Z",
"published": "2025-09-05T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23302"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5674"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23302"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-QH47-4WJJ-CQJJ
Vulnerability from github – Published: 2025-03-05 03:30 – Updated: 2025-03-05 03:30NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
{
"affected": [],
"aliases": [
"CVE-2024-0114"
],
"database_specific": {
"cwe_ids": [
"CWE-1244"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-05T02:15:35Z",
"severity": "HIGH"
},
"details": "NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.",
"id": "GHSA-qh47-4wjj-cqjj",
"modified": "2025-03-05T03:30:51Z",
"published": "2025-03-05T03:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0114"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5561"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents.
Mitigation
Apply blinding [REF-1219] or masking techniques in strategic areas.
Mitigation
Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.