CWE · MITRE source
CWE-1244Internal Asset Exposed to Unsafe Debug Access Level or State
The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.
Debug authorization can have multiple levels of access, defined such that different system internal assets are accessible based on the current authorized debug level. Other than debugger authentication (e.g., using passwords or challenges), the authorization can also be based on the system state or boot stage. For example, full system debug access might only be allowed early in boot after a system reset to ensure that previous session data is not accessible to the authenticated debugger.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: partial · 1 mapping(s) from 1 framework(s): CAPEC 1 (partial)
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SC-41 | Port and I/O Device Access | SC | Prevents internal assets from being exposed through debug or test access levels by removing those interfaces. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2020-5372 | 5.5 | 8.6 | 0.0094 | 2020-07-06 |
CVE-2024-0114 | 5.5 | 8.1 | 0.0021 | 2025-03-05 |
CVE-2025-42878 | 5.5 | 8.2 | 0.0030 | 2025-12-09 |
CVE-2026-29642 | 5.5 | 7.8 | 0.0011 | 2026-04-20 |
CVE-2022-32259 | 3.5 | 6.5 | 0.0060 | 2022-06-14 |
CVE-2025-23252 UPD | 3.5 | 4.5 | 0.0028 | 2025-06-18 |
CVE-2025-20238 UPD | 3.5 | 6.0 | 0.0014 | 2025-08-14 |
CVE-2025-23301 UPD | 3.5 | 4.2 | 0.0011 | 2025-09-04 |
CVE-2025-23302 UPD | 3.5 | 4.2 | 0.0011 | 2025-09-04 |
CVE-2025-23337 | 3.5 | 6.7 | 0.0014 | 2025-09-17 |
CVE-2025-67862 UPD | 3.5 | 6.7 | 0.0014 | 2026-06-09 |