CVE-2017-3198

NONE EPSS 72.8%
Published Jul 9, 2018 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.

Threat Intelligence

EPSS Exploit Probability
72.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 3

CWE-311
CWE-345
CWE-347

Affected Products 4

Vendor    Product                  Version  Range
gigabyte  gb-bsi7h-6500_firmware   f6       any
gigabyte  gb-bsi7h-6500            *        any
gigabyte  gb-bxi7-5775_firmware    f2       any
gigabyte  gb-bxi7-5775             *        any

References 3

  • securityfocus.com http://www.securityfocus.com/bid/97294
    Third Party Advisory, VDB Entry
  • cylance.com https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html
    Exploit, Third Party Advisory
  • kb.cert.org https://www.kb.cert.org/vuls/id/507496
    Third Party Advisory, US Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.