Vulnerability Description
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gigabyte | Gb-Bsi7H-6500 Firmware | f6 |
| Gigabyte | Gb-Bsi7H-6500 | - |
| Gigabyte | Gb-Bxi7-5775 Firmware | f2 |
| Gigabyte | Gb-Bxi7-5775 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97294 (Third Party Advisory, VDB Entry)
- https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html (Exploit, Third Party Advisory)
- https://www.kb.cert.org/vuls/id/507496 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2017-3198?
CVE-2017-3198 is a vulnerability with a CVSS score of 9.8 (CRITICAL). GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary mo...
How severe is CVE-2017-3198?
CVE-2017-3198 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-3198?
Check the references section above for vendor advisories and patch information. Affected products include: Gigabyte Gb-Bsi7H-6500 Firmware, Gigabyte Gb-Bsi7H-6500, Gigabyte Gb-Bxi7-5775 Firmware, Gigabyte Gb-Bxi7-5775.