CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface

Abstraction: Base · CVEs in our corpus: 10

The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.

An asset inside a chip might have access-control protections through one interface. However, if not all paths to the asset are protected, an attacker might compromise the asset through alternate paths. These alternate paths could be through shadow or mirror registers inside the IP core, or could be paths from other external-facing interfaces to the IP core or SoC.

Consider an SoC with various interfaces such as UART, SMBUS, PCIe, USB, etc. If access control is implemented for SoC internal registers only over the PCIe interface, then an attacker could still modify the SoC internal registers through alternate paths by coming through interfaces such as UART, SMBUS, USB, etc.

Alternatively, attackers might be able to bypass existing protections by exploiting unprotected shadow registers. Shadow registers and mirror registers typically refer to registers that can be accessed from multiple addresses. Writing to or reading from the aliased/mirrored address has the same effect as writing to or reading from the address of the main register. They are typically implemented within an IP core or SoC to temporarily hold certain data. These data will later be updated to the main register, and both registers will be in sync. If the shadow registers are not access-protected, attackers could simply initiate transactions to the shadow registers and compromise system security.
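The two cases described above (a second interface and an aliased address), as an added example that is not from MITRE or from this site: a small C model of a register decoder that audits every (interface, address) path to one protected register under a path-based check and under an asset-based check. The register address, alias mask and interface list are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SoC model: every name, address and interface here is hypothetical. */
enum iface { IF_PCIE, IF_UART, IF_SMBUS, IF_USB, IF_COUNT };
#define ADDR_SPACE 0x100u
#define ALIAS_MASK 0x7Fu  /* decoder ignores bit 7, so 0x90 mirrors 0x10 */
#define REG_KEY    0x10u  /* protected asset (primary address) */

/* Address decode: map a bus address to the physical register it selects. */
static unsigned decode(unsigned addr) { return addr & ALIAS_MASK; }

/* Weak check: guards only the primary address, and only on PCIe. */
static bool allow_weak(enum iface i, unsigned addr, bool privileged) {
    if (i == IF_PCIE && addr == REG_KEY) return privileged;
    return true;
}

/* Hardened check: decide on the decoded register, for every interface. */
static bool allow_hardened(enum iface i, unsigned addr, bool privileged) {
    (void)i;  /* policy is attached to the asset, not to the path */
    if (decode(addr) == REG_KEY) return privileged;
    return true;
}

typedef bool (*policy_fn)(enum iface, unsigned, bool);

/* Audit: count (interface, address) paths where an unprivileged
 * write would reach the protected register. */
static int unguarded_paths(policy_fn allow) {
    int n = 0;
    for (int i = 0; i < IF_COUNT; i++)
        for (unsigned a = 0; a < ADDR_SPACE; a++)
            if (decode(a) == REG_KEY && allow((enum iface)i, a, false))
                n++;
    return n;
}

int main(void) {
    printf("weak policy:     %d unguarded paths\n", unguarded_paths(allow_weak));
    printf("hardened policy: %d unguarded paths\n", unguarded_paths(allow_hardened));
    return 0;
}
```

The same exhaustive sweep can be run in simulation against a real address map to confirm that no alias or interface reaches a protected register without passing the check.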

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 5 mapping(s) from 4 framework(s): CAPEC 2 (partial) · OWASP-Web 1 (mostly) · CSF 2.0 1 (partial) · ATT&CK 1 (partial)

NIST 800-53 r5 controls that address this weakness (1) AI

Control | Title | Family | Why it addresses this CWE
SC-41 | Port and I/O Device Access | SC | Provides protection for alternate hardware interfaces by disabling them when not required.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE | Risk | CVSS | EPSS | Published
CVE-2025-1073 | 5.5 | 7.5 | 0.0019 | 2025-04-10
CVE-2025-35998 (UPD) | 5.5 | 7.9 | 0.0015 | 2026-02-10
CVE-2021-3788 | 3.5 | 6.8 | 0.0023 | 2021-11-12
CVE-2022-43557 | 3.5 | 5.3 | 0.0022 | 2022-12-05
CVE-2023-29060 | 3.5 | 5.4 | 0.0030 | 2023-11-28
CVE-2024-39723 | 3.5 | 4.6 | 0.0025 | 2024-07-08
CVE-2024-47944 | 3.5 | 6.8 | 0.0039 | 2024-10-15
CVE-2025-26409 | 3.5 | 6.8 | 0.0031 | 2025-02-11
CVE-2025-41697 | 3.5 | 6.8 | 0.0020 | 2025-12-09
CVE-2023-29063 | 1.5 | 2.4 | 0.0018 | 2023-11-28