tid-114
Vulnerability from emb3d
Messages and data passing between discrete sub-components and peripherals may be intercepted and/or modified from through the peripheral bus (e.g., SPI, I2C, ISA, PCI, USB). Captured data may leak sensitive information (e.g., keys, cleartext firmware code) that can aid in reverse engineering and extracting data needed for other stages of an attack. Additionally, threat actors may be able to alter sensitive information in transit to cause malicious effects through data manipulation or interaction in transit over the bus. NOTE: This is different from TID-106 in that this threat refers to the data moving between the main board or processing chip to a peripheral device, whereas TID-106 refers to data moving between the processor and storage devices.
- CWE-311: Missing Encryption of Sensitive Data
- CWE-319: Cleartext Transmission of Sensitive Information
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.