CVE-2017-3198
N/A
N/A
Summary
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GIGABYTE | GB-BSi7H-6500 | F6 | affected |
| GIGABYTE | GB-BXi7-5775 | F2 | affected |
Weaknesses
- CWE-345: CWE-345: Insufficient Verification of Data Authenticity
ADP Enrichment
CVE Program Container
Additional References
- https://www.kb.cert.org/vuls/id/507496
- http://www.securityfocus.com/bid/97294
- https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html
References
- https://www.kb.cert.org/vuls/id/507496
- http://www.securityfocus.com/bid/97294
- https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.