CWE-1299
AllowedMissing Protection Mechanism for Alternate Hardware Interface
Abstraction: Base · Status: Draft
The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.
19 vulnerabilities reference this CWE, most recent first.
GHSA-2XW2-F246-G27C
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-06-30 03:35Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
{
"affected": [],
"aliases": [
"CVE-2025-35998"
],
"database_specific": {
"cwe_ids": [
"CWE-1220",
"CWE-1299"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T17:16:17Z",
"severity": "HIGH"
},
"details": "Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.",
"id": "GHSA-2xw2-f246-g27c",
"modified": "2026-06-30T03:35:33Z",
"published": "2026-02-10T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35998"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6888"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-35998"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438523"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01406.html"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-35998.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3FJC-956C-32MF
Vulnerability from github – Published: 2023-11-28 21:30 – Updated: 2023-11-28 21:30The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.
{
"affected": [],
"aliases": [
"CVE-2023-29063"
],
"database_specific": {
"cwe_ids": [
"CWE-1299",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-28T21:15:07Z",
"severity": "LOW"
},
"details": "The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.",
"id": "GHSA-3fjc-956c-32mf",
"modified": "2023-11-28T21:30:25Z",
"published": "2023-11-28T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29063"
},
{
"type": "WEB",
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-42MR-MFCR-7JQH
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:30The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.
{
"affected": [],
"aliases": [
"CVE-2022-43557"
],
"database_specific": {
"cwe_ids": [
"CWE-1299",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-05T22:15:00Z",
"severity": "MODERATE"
},
"details": "The BD BodyGuard\u2122 infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.",
"id": "GHSA-42mr-mfcr-7jqh",
"modified": "2024-04-04T05:30:45Z",
"published": "2023-07-06T19:24:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43557"
},
{
"type": "WEB",
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9CMP-PPM3-HP8W
Vulnerability from github – Published: 2025-02-11 12:30 – Updated: 2025-11-04 00:32A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in recent firmware versions BSP >= 6.4.1.
{
"affected": [],
"aliases": [
"CVE-2025-26409"
],
"database_specific": {
"cwe_ids": [
"CWE-1191",
"CWE-1299"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T10:15:09Z",
"severity": "MODERATE"
},
"details": "A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in\u00a0recent firmware versions BSP \u003e= 6.4.1.",
"id": "GHSA-9cmp-ppm3-hp8w",
"modified": "2025-11-04T00:32:19Z",
"published": "2025-02-11T12:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26409"
},
{
"type": "WEB",
"url": "https://r.sec-consult.com/wattsense"
},
{
"type": "WEB",
"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Feb/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CCRQ-W269-C7PJ
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.
{
"affected": [],
"aliases": [
"CVE-2025-41697"
],
"database_specific": {
"cwe_ids": [
"CWE-1299"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:17:49Z",
"severity": "MODERATE"
},
"details": "An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.",
"id": "GHSA-ccrq-w269-c7pj",
"modified": "2025-12-09T18:30:37Z",
"published": "2025-12-09T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41697"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2025-071"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3FQ-6CWX-WGX7
Vulnerability from github – Published: 2025-04-10 12:31 – Updated: 2025-04-10 12:31Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.
{
"affected": [],
"aliases": [
"CVE-2025-1073"
],
"database_specific": {
"cwe_ids": [
"CWE-1299"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-10T12:15:15Z",
"severity": "HIGH"
},
"details": "Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.",
"id": "GHSA-j3fq-6cwx-wgx7",
"modified": "2025-04-10T12:31:27Z",
"published": "2025-04-10T12:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1073"
},
{
"type": "WEB",
"url": "https://lsin.panasonic.com/release-notes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JR9F-3XG9-2J4F
Vulnerability from github – Published: 2024-07-08 03:32 – Updated: 2024-07-08 03:32IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
{
"affected": [],
"aliases": [
"CVE-2024-39723"
],
"database_specific": {
"cwe_ids": [
"CWE-1299",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-08T01:15:12Z",
"severity": "MODERATE"
},
"details": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.",
"id": "GHSA-jr9f-3xg9-2j4f",
"modified": "2024-07-08T03:32:11Z",
"published": "2024-07-08T03:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39723"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7159333"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M36F-V9QC-F9H5
Vulnerability from github – Published: 2024-10-15 09:30 – Updated: 2025-11-04 00:31The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.
{
"affected": [],
"aliases": [
"CVE-2024-47944"
],
"database_specific": {
"cwe_ids": [
"CWE-1299"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T09:15:03Z",
"severity": "CRITICAL"
},
"details": "The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the\u00a0firmware upgrade function.",
"id": "GHSA-m36f-v9qc-f9h5",
"modified": "2025-11-04T00:31:34Z",
"published": "2024-10-15T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47944"
},
{
"type": "WEB",
"url": "https://r.sec-consult.com/rittaliot"
},
{
"type": "WEB",
"url": "https://www.rittal.com/de-de/products/deep/3124300"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q8HH-F4G3-P688
Vulnerability from github – Published: 2023-11-28 21:30 – Updated: 2023-11-28 21:30The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
{
"affected": [],
"aliases": [
"CVE-2023-29060"
],
"database_specific": {
"cwe_ids": [
"CWE-1299",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-28T20:15:07Z",
"severity": "MODERATE"
},
"details": "The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.",
"id": "GHSA-q8hh-f4g3-p688",
"modified": "2023-11-28T21:30:25Z",
"published": "2023-11-28T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29060"
},
{
"type": "WEB",
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Protect assets from accesses against all potential interfaces and alternate paths.
Mitigation
Protect assets from accesses against all potential interfaces and alternate paths.
Mitigation
Protect assets from accesses against all potential interfaces and alternate paths.
CAPEC-457: USB Memory Attacks
An adversary loads malicious code onto a USB memory stick in order to infect any system which the device is plugged in to. USB drives present a significant security risk for business and government agencies. Given the ability to integrate wireless functionality into a USB stick, it is possible to design malware that not only steals confidential data, but sniffs the network, or monitor keystrokes, and then exfiltrates the stolen data off-site via a Wireless connection. Also, viruses can be transmitted via the USB interface without the specific use of a memory stick. The attacks from USB devices are often of such sophistication that experts conclude they are not the work of single individuals, but suggest state sponsorship. These attacks can be performed by an adversary with direct access to a target system or can be executed via means such as USB Drop Attacks.
CAPEC-554: Functionality Bypass
An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary.