目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CWE-1220 类漏洞列表 73

CWE-1220 类弱点 73 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-1220 属于访问控制粒度不足漏洞。当访问控制策略过于宽泛,未能精确区分受信任与未受信任的代理时,攻击者可利用此缺陷访问敏感资产。开发者应实施最小权限原则,细化访问控制策略,确保仅授予必要的读写权限,从而防止未授权访问,提升系统安全性。

MITRE CWE 官方描述
CWE:CWE-1220 访问控制粒度不足 英文:产品通过策略或其他功能实施访问控制,旨在禁用或限制来自不受信任代理对系统中资产的访问(读取和/或写入)。然而,实施的访问控制缺乏所需的粒度,导致控制策略过于宽泛,因为它允许未经授权的代理访问安全敏感的资产。 集成电路和硬件引擎可以向受信任的固件或软件模块(通常由 BIOS/引导加载程序设置)暴露对资产(设备配置、密钥等)的访问。此类访问通常受到访问控制。在电源重置后,硬件或系统通常以寄存器中的默认值启动,受信任的固件(引导固件)配置必要的访问控制保护。此类保护方案中可能存在的一个常见弱点是访问控制或策略的粒度不够细。这种状况允许超出受信任代理范围的代理访问资产,可能导致功能丧失或无法安全地设置设备。这进一步导致从泄露的敏感密钥材料到设备配置被修改的安全风险。
常见影响 (1)
Confidentiality, Integrity, Availability, Access ControlModify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Other
缓解措施 (1)
Architecture and Design, Implementation, TestingAccess-control-policy protections must be reviewed for design inconsistency and common weaknesses. Access-control-policy definition and programming flow must be tested in pre-silicon, post-silicon testing.
Effectiveness: High
代码示例 (2)
Consider a system with a register for storing AES key for encryption or decryption. The key is 128 bits, implemented as a set of four 32-bit registers. The key registers are assets and registers, AES_KEY_READ_POLICY and AES_KEY_WRITE_POLICY, and are defined to provide necessary access controls. The read-policy register defines which agents can read the AES-key registers, and write-policy register …
Register Field description AES_ENC_DEC_KEY_0 AES key [0:31] for encryption or decryption Default 0x00000000 AES_ENC_DEC_KEY_1 AES key [32:63] for encryption or decryption Default 0x00000000 AES_ENC_DEC_KEY_2 AES key [64:95] for encryption or decryption Default 0x00000000 AES_ENC_DEC_KEY_4 AES key [96:127] for encryption or decryption Default 0x00000000 AES_KEY_READ_WRITE_POLICY [31:0] Default 0x00000006 - meaning agent with identities "1" and "2" can both read from and write to key registers
Bad · Other
AES_KEY_READ_POLICY [31:0] Default 0x00000002 - meaning only Crypto engine with identity "1" can read registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3 AES_KEY_WRITE_POLICY [31:0] Default 0x00000004 - meaning only trusted firmware with identity "2" can program registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3
Good · Other
Within the AXI node interface wrapper module in the RISC-V AXI module of the HACK@DAC'19 CVA6 SoC [REF-1346], an access control mechanism is employed to regulate the access of different privileged users to peripherals.
... for (i=0; i<NB_SUBORDINATE; i++) begin for (j=0; j<NB_MANAGER; j++) begin assign connectivity_map_o[i][j] = access_ctrl_i[i][j][priv_lvl_i] || ((j==6) && access_ctrl_i[i][7][priv_lvl_i]); end end ...
Bad · Verilog
... for (i=0; i<NB_SUBORDINATE; i++) begin for (j=0; j<NB_MANAGER; j++) begin assign connectivity_map_o[i][j] = access_ctrl_i[i][j][priv_lvl_i]; end end ...
Good · Verilog
CVE ID标题CVSS风险等级Published
CVE-2021-46747 AMD Secure Processor权限提升漏洞 — AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics--2026-06-01
CVE-2026-37981 Keycloak 安全漏洞 — Red Hat build of Keycloak 26.4 4.3 Medium2026-05-19
CVE-2024-21962 AMD RAID Driver 安全漏洞 — AMD EPYC™ 4005 Series Processors--2026-05-15
CVE-2026-35436 Microsoft Office ClickToRun 安全漏洞 — Microsoft 365 Apps for Enterprise 8.8 High2026-05-12
CVE-2026-40365 Microsoft SharePoint 安全漏洞 — Microsoft SharePoint Enterprise Server 2016 8.8 High2026-05-12
CVE-2026-38743 Apache Airflow 安全漏洞 — Apache Airflow 4.3AIMediumAI2026-04-24
CVE-2026-40690 Apache Airflow 安全漏洞 — Apache Airflow 4.3AIMediumAI2026-04-24
CVE-2026-6388 Red Hat OpenShift GitOps 安全漏洞 — Red Hat OpenShift GitOps 9.1 Critical2026-04-15
CVE-2026-33825 Microsoft Defender 安全漏洞 — Microsoft Defender Antimalware Platform 7.8 High2026-04-14
CVE-2025-20628 PingIdentity PingIDM 安全漏洞 — PingIDM 5.9AIMediumAI2026-04-07
CVE-2026-20107 Cisco Application Policy Infrastructure Controller 安全漏洞 — Cisco Application Policy Infrastructure Controller (APIC) 5.5 Medium2026-02-25
CVE-2025-48514 AMD Processors 安全漏洞 — AMD EPYC™ 9004 Series Processors 2.3AILowAI2026-02-10
CVE-2025-48517 AMD EPYC 9005 Series 安全漏洞 — AMD EPYC™ 9005 Series Processors 3.2AILowAI2026-02-10
CVE-2024-4147 Lunary 安全漏洞 — lunary-ai/lunary 4.3AIMediumAI2026-02-02
CVE-2025-11246 GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞 — GitLab 5.4 Medium2026-01-09
CVE-2025-8306 Asseco InfoMedica 安全漏洞 — InfoMedica Plus 8.8 -2026-01-08
CVE-2025-20305 Cisco Identity Services Engine 安全漏洞 — Cisco Identity Services Engine Software 4.3 Medium2025-11-05
CVE-2025-8049 OpenText Flipper 安全漏洞 — Flipper 7.8AIHighAI2025-10-20
CVE-2025-8053 OpenText Flipper 安全漏洞 — Flipper 8.8AIHighAI2025-10-20
CVE-2025-54461 ChatLuck 安全漏洞 — ChatLuck 9.1AICriticalAI2025-10-16
CVE-2025-7493 Red Hat FreeIPA 安全漏洞 — Red Hat Enterprise Linux 10 9.1 Critical2025-09-30
CVE-2024-21947 AMD Embedded Processors和AMD Client Processor 安全漏洞 — AMD Ryzen™ Threadripper™ 3000 Processors 7.5 High2025-09-06
CVE-2025-31961 HCL Connections 安全漏洞 — Connections 3.7 Low2025-08-15
CVE-2025-2498 GitLab Enterprise Edition 安全漏洞 — GitLab 3.1 Low2025-08-13
CVE-2025-7001 GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞 — GitLab 4.3 Medium2025-07-24
CVE-2025-3648 ServiceNow Now Platform 安全漏洞 — Now Platform 5.3AIMediumAI2025-07-08
CVE-2025-27026 Infinera G42 安全漏洞 — G42 4.9 Medium2025-07-02
CVE-2025-4404 Red Hat FreeIPA 安全漏洞 9.1 Critical2025-06-17
CVE-2025-5982 GitLab Enterprise Edition 多款产品安全漏洞 — GitLab 3.7 Low2025-06-12
CVE-2025-1110 GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞 — GitLab 2.7 Low2025-05-22

CWE-1220 是常见的弱点类别,本平台收录该类弱点关联的 73 条 CVE 漏洞。