{"@ID": "1328", "@Name": "Security Version Number Mutable to Older Versions", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Draft", "Description": "Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.", "Extended_Description": {"xhtml:p": ["A System-on-Chip (SoC) implements secure boot or verified boot. It might support a security version number, which prevents downgrading the current firmware to a vulnerable version. Once downgraded to a previous version, an adversary can launch exploits on the SoC and thus compromise the security of the SoC. These downgrade attacks are also referred to as roll-back attacks.", "The security version number must be stored securely and persistently across power-on resets. A common weakness is that the security version number is modifiable by an adversary, allowing roll-back or downgrade attacks or, under certain circumstances, preventing upgrades (i.e. Denial-of-Service on upgrades). In both cases, the SoC is in a vulnerable state."]}, "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "285", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "PeerOf", "@CWE_ID": "757", "@View_ID": "1000", "@Ordinal": "Primary"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Primary"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Operating_System": {"@Class": "Not OS-Specific", "@Prevalence": "Undetermined"}, "Architecture": {"@Class": "Not Architecture-Specific", "@Prevalence": "Undetermined"}, "Technology": [{"@Name": "Security Hardware", "@Prevalence": "Undetermined"}, {"@Class": "Not Technology-Specific", "@Prevalence": "Undetermined"}]}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design"}, {"Phase": "Implementation", "Note": "Such issues could be introduced during hardware architecture and design, and can be identified later during testing or system configuration phases."}]}, "Common_Consequences": {"Consequence": {"Scope": ["Confidentiality", "Integrity", "Authentication", "Authorization"], "Impact": "Other", "Likelihood": "High", "Note": "Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS (prevent upgrades)."}}, "Detection_Methods": {"Detection_Method": [{"Method": "Automated Dynamic Analysis", "Description": "Mutability of stored security version numbers and programming with older firmware images should be part of automated testing.", "Effectiveness": "High"}, {"Method": "Architecture or Design Review", "Description": "Anti-roll-back features should be reviewed as part of Architecture or Design review.", "Effectiveness": "High"}]}, "Potential_Mitigations": {"Mitigation": [{"Phase": "Architecture and Design", "Description": "When architecting the system, security version data should be designated for storage in registers that are either read-only or have access controls that prevent modification by an untrusted agent."}, {"Phase": "Implementation", "Description": "During implementation and test, security version data should be demonstrated to be read-only and access controls should be validated."}]}, "Demonstrative_Examples": {"Demonstrative_Example": {"Intro_Text": "A new version of firmware is signed with a security version number higher than the previous version. During the firmware update process the SoC checks for the security version number and upgrades the SoC firmware with the latest version. This security version number is stored in persistent memory upon successful upgrade for use across power-on resets.", "Body_Text": ["In general, if the security version number is mutable, the implementation is vulnerable. A mutable security version number allows an adversary to change the security version to a lower value to allow roll-back or to a higher value to prevent future upgrades.", "The security version number should be stored in immutable hardware such as fuses, and the writes to these fuses should be highly access-controlled with appropriate authentication and authorization protections."]}}, "Related_Attack_Patterns": {"Related_Attack_Pattern": {"@CAPEC_ID": "176"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna", "Submission_Organization": "Intel Corporation", "Submission_Date": "2020-04-25", "Submission_Version": "4.3", "Submission_ReleaseDate": "2020-12-10"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-07-20", "Modification_Version": "4.5", "Modification_ReleaseDate": "2021-07-20", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-10-28", "Modification_Version": "4.6", "Modification_ReleaseDate": "2021-10-28", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-04-28", "Modification_Version": "4.7", "Modification_ReleaseDate": "2022-04-28", "Modification_Comment": "updated Applicable_Platforms"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-06-28", "Modification_Version": "4.8", "Modification_ReleaseDate": "2022-06-28", "Modification_Comment": "updated Applicable_Platforms"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Weakness_Ordinalities"}]}}
