VYPR

CWE-1283

Mutable Attestation or Measurement Reporting Data

BaseIncomplete

Description

The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-680

CVEs mapped to this weakness (1)

  • CVE-2023-3674Jul 19, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.