GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97294 | Third Party Advisory VDB Entry |
https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html | Exploit Third Party Advisory |
https://www.kb.cert.org/vuls/id/507496 | Third Party Advisory US Government Resource |
Configurations
History
No history.
Information
Published : 2018-07-09 19:29
Updated : 2024-02-28 16:25
NVD link : CVE-2017-3198
Mitre link : CVE-2017-3198
CVE.ORG link : CVE-2017-3198
JSON object : View
Products Affected
gigabyte
- gb-bxi7-5775_firmware
- gb-bsi7h-6500
- gb-bsi7h-6500_firmware
- gb-bxi7-5775