CWE-1283
Mutable Attestation or Measurement Reporting Data
BaseIncomplete
Description
The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-680
CVEs mapped to this weakness (1)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3674 | 0.00 | — | 0.00 | Jul 19, 2023 | A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted. |
- CVE-2023-3674Jul 19, 2023risk 0.00cvss —epss 0.00
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.