GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97294 | Third Party Advisory VDB Entry |
https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html | Exploit Third Party Advisory |
https://www.kb.cert.org/vuls/id/507496 | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/97294 | Third Party Advisory VDB Entry |
https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html | Exploit Third Party Advisory |
https://www.kb.cert.org/vuls/id/507496 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 03:25
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/97294 - Third Party Advisory, VDB Entry | |
References | () https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html - Exploit, Third Party Advisory | |
References | () https://www.kb.cert.org/vuls/id/507496 - Third Party Advisory, US Government Resource |
Information
Published : 2018-07-09 19:29
Updated : 2024-11-21 03:25
NVD link : CVE-2017-3198
Mitre link : CVE-2017-3198
CVE.ORG link : CVE-2017-3198
JSON object : View
Products Affected
gigabyte
- gb-bxi7-5775_firmware
- gb-bsi7h-6500_firmware
- gb-bxi7-5775
- gb-bsi7h-6500