CWE-1191: On-Chip Debug and Test Interface With Improper Access Control

low-risk

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

Abstraction: Base

Common Consequences

Confidentiality Read Application Data
Confidentiality Read Memory
Authorization Execute Unauthorized Code or Commands
Integrity Modify Memory
Integrity Modify Application Data
Access Control Bypass Protection Mechanism

Detection Methods

Dynamic Analysis with Manual Results Interpretation

Authentication and authorization of debug and test interfaces should be part of the architecture and design review process. Withholding of private register documentation from the debug and test interface public specification ("Security by obscurity") should not be considered as sufficient security.

Dynamic Analysis with Manual Results Interpretation

Dynamic tests should be done in the pre-silicon and post-silicon stages to verify that the debug and test interfaces are not open by default.

Fuzzing

Tests that fuzz Debug and Test Interfaces should ensure that no access without appropriate authentication and authorization is possible.

Real-World Examples (10)

CVE CVSS EPSS KEV
CVE-2024-4231 4.6 4.8%
CVE-2025-26409 6.8 0.2%
CVE-2025-26408 6.1 0.2%
CVE-2022-43096 6.8 0.1%
CVE-2020-9285 6.8 0.1%
CVE-2024-48970 9.3 0.1%
CVE-2025-65821 7.5 0.1%
CVE-2025-65822 6.8 0.0%
CVE-2025-47819 6.4 0.0%
CVE-2025-47822 6.4 0.0%
0
/ 100
low-risk
Active Threat 0/50 · Minimal
Exploit Availability 0/50 · Minimal