6 vulnerabilities found for GB-BSi7H-6500 by GIGABYTE
VAR-201807-0115
Vulnerability from variot - Updated: 2023-12-18 12:44
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected. The firmware also is not cryptographically signed. These issues can be used to run rootkits at the firmware level or to permanently disrupt service to the system (DoS). Failure of protection mechanism (CWE-693) - CVE-2017-3197: on the GIGABYTE BRIX platform, the BIOSWE, BLE, SMM_BWP and PRx bits that protect firmware writes are not set properly. As a result, the SPI flash may be tampered with. Also, the firmware update is provided from the support page over HTTP without a checksum. For more information, please refer to the Cylance advisories CLVA-2017-01-001 and CLVA-2017-01-002. CLVA-2017-01-001: https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md CLVA-2017-01-002: https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md An attacker could run a rootkit at the firmware level or permanently disrupt service to the system (DoS). Multiple GIGABYTE products are prone to multiple security-bypass vulnerabilities. A local attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gb-bsi7h-6500",
"scope": "eq",
"trust": 1.6,
"vendor": "gigabyte",
"version": "f6"
},
{
"model": "gb-bxi7-5775",
"scope": "eq",
"trust": 1.6,
"vendor": "gigabyte",
"version": "f2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gigabyte",
"version": null
},
{
"model": "brix gb-bsi7h-6500",
"scope": "eq",
"trust": 0.8,
"vendor": "gigabyte",
"version": "(uefi firmware version f6)"
},
{
"model": "brix gb-bxi7-5775",
"scope": "eq",
"trust": 0.8,
"vendor": "gigabyte",
"version": "(uefi firmware version f2)"
},
{
"model": "gb-bxi7-5775 brix uefi vf6",
"scope": null,
"trust": 0.3,
"vendor": "gigabyte",
"version": null
},
{
"model": "gb-bxi7-5775 brix uefi vf2",
"scope": null,
"trust": 0.3,
"vendor": "gigabyte",
"version": null
},
{
"model": "gb-bsi7h-6500 brix uefi vf6",
"scope": null,
"trust": 0.3,
"vendor": "gigabyte",
"version": null
},
{
"model": "gb-bsi7h-6500 brix uefi vf2",
"scope": null,
"trust": 0.3,
"vendor": "gigabyte",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3198"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3198"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alex Matrosov of Cylance",
"sources": [
{
"db": "BID",
"id": "97294"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3198",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-005602",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-111401",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3198",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-005602",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3198",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-005602",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-591",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-111401",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-3198",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111401"
},
{
"db": "VULMON",
"id": "CVE-2017-3198"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3198"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected. It also is not cryptographically signed. These issues can be used to run rootkits at the firmware level or permanently disrupt service to the system. (DoS) It is possible to execute an attack. Failure of protection mechanism (CWE-693) - CVE-2017-3197 GIGABYTE BRIX Platform to protect firmware writing BIOSWE , BLE , SMM_BWP , PRx There is a problem where the bits are not set properly. as a result, SPI flash May be tampered with. Also, from the support page without checksum HTTP Is provided via. For more information, Cylance Advisory for CLVA-2017-01-001 and CLVA-2017-01-002 Please refer to. CLVA-2017-01-001 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md CLVA-2017-01-002 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.mdAn attacker could run a rootkit at the firmware level or permanently disrupt service to the system (DoS) An attack may be executed. Multiple GIGABYTE Products are prone to multiple security-bypass vulnerabilities. \nA local attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3198"
},
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "VULHUB",
"id": "VHN-111401"
},
{
"db": "VULMON",
"id": "CVE-2017-3198"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#507496",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2017-3198",
"trust": 2.9
},
{
"db": "BID",
"id": "97294",
"trust": 2.1
},
{
"db": "JVN",
"id": "JVNVU90556561",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-591",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-111401",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3198",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "VULHUB",
"id": "VHN-111401"
},
{
"db": "VULMON",
"id": "CVE-2017-3198"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3198"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
]
},
"id": "VAR-201807-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-111401"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:44:00.526000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GB-BSi7H-6500",
"trust": 0.8,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov"
},
{
"title": "GB-BXi7-5775",
"trust": 0.8,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov"
},
{
"title": "Various GIGABYTE product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70177"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3198"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-347",
"trust": 1.1
},
{
"problemtype": "CWE-345",
"trust": 0.8
},
{
"problemtype": "CWE-693",
"trust": 0.8
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111401"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3198"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/97294"
},
{
"trust": 1.8,
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
},
{
"trust": 1.1,
"url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-002.md"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/693.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/353.html"
},
{
"trust": 0.8,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10"
},
{
"trust": 0.8,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10"
},
{
"trust": 0.8,
"url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3197"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3198"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90556561/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3197"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3198"
},
{
"trust": 0.3,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov"
},
{
"trust": 0.3,
"url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md "
},
{
"trust": 0.3,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov "
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/507496 "
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/347.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "VULHUB",
"id": "VHN-111401"
},
{
"db": "VULMON",
"id": "CVE-2017-3198"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3198"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "VULHUB",
"id": "VHN-111401"
},
{
"db": "VULMON",
"id": "CVE-2017-3198"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3198"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-31T00:00:00",
"db": "CERT/CC",
"id": "VU#507496"
},
{
"date": "2018-07-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111401"
},
{
"date": "2018-07-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3198"
},
{
"date": "2017-03-31T00:00:00",
"db": "BID",
"id": "97294"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"date": "2018-07-09T19:29:00.343000",
"db": "NVD",
"id": "CVE-2017-3198"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-31T00:00:00",
"db": "CERT/CC",
"id": "VU#507496"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111401"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3198"
},
{
"date": "2017-04-04T00:03:00",
"db": "BID",
"id": "97294"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"date": "2019-10-09T23:27:22.040000",
"db": "NVD",
"id": "CVE-2017-3198"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed",
"sources": [
{
"db": "CERT/CC",
"id": "VU#507496"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-591"
}
],
"trust": 0.6
}
}
VAR-201807-0114
Vulnerability from variot - Updated: 2023-12-18 12:44
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement the BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. The firmware also is not cryptographically signed. These issues can be used to run rootkits at the firmware level or to permanently disrupt service to the system (DoS). Failure of protection mechanism (CWE-693) - CVE-2017-3197: on the GIGABYTE BRIX platform, the BIOSWE, BLE, SMM_BWP and PRx bits that protect firmware writes are not set properly. As a result, the SPI flash may be tampered with. Inadequate verification of data reliability (CWE-345) - CVE-2017-3198: the GIGABYTE BRIX UEFI firmware update is not signed. Also, it is provided from the support page over HTTP without a checksum. As a result, even if the firmware is tampered with, the tampering cannot be detected. For more information, please refer to the Cylance advisories CLVA-2017-01-001 and CLVA-2017-01-002. CLVA-2017-01-001: https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md CLVA-2017-01-002: https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md An attacker could run a rootkit at the firmware level or permanently disrupt service to the system (DoS). Multiple GIGABYTE products are prone to multiple security-bypass vulnerabilities. A local attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gb-bsi7h-6500",
"scope": "eq",
"trust": 1.6,
"vendor": "gigabyte",
"version": "f6"
},
{
"model": "gb-bxi7-5775",
"scope": "eq",
"trust": 1.6,
"vendor": "gigabyte",
"version": "f2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gigabyte",
"version": null
},
{
"model": "brix gb-bsi7h-6500",
"scope": "eq",
"trust": 0.8,
"vendor": "gigabyte",
"version": "(uefi firmware version f6)"
},
{
"model": "brix gb-bxi7-5775",
"scope": "eq",
"trust": 0.8,
"vendor": "gigabyte",
"version": "(uefi firmware version f2)"
},
{
"model": "gb-bxi7-5775 brix uefi vf6",
"scope": null,
"trust": 0.3,
"vendor": "gigabyte",
"version": null
},
{
"model": "gb-bxi7-5775 brix uefi vf2",
"scope": null,
"trust": 0.3,
"vendor": "gigabyte",
"version": null
},
{
"model": "gb-bsi7h-6500 brix uefi vf6",
"scope": null,
"trust": 0.3,
"vendor": "gigabyte",
"version": null
},
{
"model": "gb-bsi7h-6500 brix uefi vf2",
"scope": null,
"trust": 0.3,
"vendor": "gigabyte",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3197"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3197"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alex Matrosov of Cylance",
"sources": [
{
"db": "BID",
"id": "97294"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3197",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-005602",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-111400",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3197",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-005602",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3197",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-005602",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-590",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-111400",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-3197",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111400"
},
{
"db": "VULMON",
"id": "CVE-2017-3197"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3197"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. It also is not cryptographically signed. These issues can be used to run rootkits at the firmware level or permanently disrupt service to the system. (DoS) It is possible to execute an attack. Failure of protection mechanism (CWE-693) - CVE-2017-3197 GIGABYTE BRIX Platform to protect firmware writing BIOSWE , BLE , SMM_BWP , PRx There is a problem where the bits are not set properly. as a result, SPI flash May be tampered with. Inadequate verification of data reliability (CWE-345) - CVE-2017-3198 GIGABYTE BRIX of UEFI Firmware update is not signed. Also, from the support page without checksum HTTP Is provided via. As a result, even if the firmware is tampered with, it cannot be detected. For more information, Cylance Advisory for CLVA-2017-01-001 and CLVA-2017-01-002 Please refer to. CLVA-2017-01-001 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md CLVA-2017-01-002 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.mdAn attacker could run a rootkit at the firmware level or permanently disrupt service to the system (DoS) An attack may be executed. Multiple GIGABYTE Products are prone to multiple security-bypass vulnerabilities. \nA local attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3197"
},
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "VULHUB",
"id": "VHN-111400"
},
{
"db": "VULMON",
"id": "CVE-2017-3197"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#507496",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2017-3197",
"trust": 2.9
},
{
"db": "BID",
"id": "97294",
"trust": 2.1
},
{
"db": "JVN",
"id": "JVNVU90556561",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-590",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-111400",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3197",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "VULHUB",
"id": "VHN-111400"
},
{
"db": "VULMON",
"id": "CVE-2017-3197"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3197"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
]
},
"id": "VAR-201807-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-111400"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:44:00.562000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GB-BSi7H-6500",
"trust": 0.8,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov"
},
{
"title": "GB-BXi7-5775",
"trust": 0.8,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov"
},
{
"title": "Various GIGABYTE product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70176"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3197"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-345",
"trust": 0.8
},
{
"problemtype": "CWE-693",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111400"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3197"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-002.md"
},
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"trust": 2.6,
"url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/97294"
},
{
"trust": 1.8,
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/693.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/353.html"
},
{
"trust": 0.8,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10"
},
{
"trust": 0.8,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3197"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3198"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90556561/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3197"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3198"
},
{
"trust": 0.3,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov"
},
{
"trust": 0.3,
"url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md "
},
{
"trust": 0.3,
"url": "http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov "
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/507496 "
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "VULHUB",
"id": "VHN-111400"
},
{
"db": "VULMON",
"id": "CVE-2017-3197"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3197"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#507496"
},
{
"db": "VULHUB",
"id": "VHN-111400"
},
{
"db": "VULMON",
"id": "CVE-2017-3197"
},
{
"db": "BID",
"id": "97294"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"db": "NVD",
"id": "CVE-2017-3197"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-31T00:00:00",
"db": "CERT/CC",
"id": "VU#507496"
},
{
"date": "2018-07-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111400"
},
{
"date": "2018-07-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3197"
},
{
"date": "2017-03-31T00:00:00",
"db": "BID",
"id": "97294"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"date": "2018-07-09T19:29:00.247000",
"db": "NVD",
"id": "CVE-2017-3197"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-31T00:00:00",
"db": "CERT/CC",
"id": "VU#507496"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111400"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3197"
},
{
"date": "2017-04-04T00:03:00",
"db": "BID",
"id": "97294"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005602"
},
{
"date": "2019-10-09T23:27:21.853000",
"db": "NVD",
"id": "CVE-2017-3197"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed",
"sources": [
{
"db": "CERT/CC",
"id": "VU#507496"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-590"
}
],
"trust": 0.6
}
}
CVE-2017-3198 (GCVE-0-2017-3198)
Vulnerability from cvelistv5 – Published: 2018-07-09 19:00 – Updated: 2024-08-05 14:16
- CWE-345 - Insufficient Verification of Data Authenticity
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
| Vendor | Product | Version |
|---|---|---|
| GIGABYTE | GB-BSi7H-6500 | Affected: F6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GB-BSi7H-6500",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F6"
}
]
},
{
"product": "GB-BXi7-5775",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F2"
}
]
}
],
"datePublic": "2017-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GIGABYTE BRIX UEFI firmware is not cryptographically signed",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3198",
"STATE": "PUBLIC",
"TITLE": "GIGABYTE BRIX UEFI firmware is not cryptographically signed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GB-BSi7H-6500",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F6",
"version_value": "F6"
}
]
}
},
{
"product_name": "GB-BXi7-5775",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F2",
"version_value": "F2"
}
]
}
}
]
},
"vendor_name": "GIGABYTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345: Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#507496",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97294"
},
{
"name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3198",
"datePublished": "2018-07-09T19:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3197 (GCVE-0-2017-3197)
Vulnerability from cvelistv5 – Published: 2018-07-09 19:00 – Updated: 2024-08-05 14:16
- CWE-693 - Protection Mechanism Failure
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
| Vendor | Product | Version |
|---|---|---|
| GIGABYTE | GB-BSi7H-6500 | Affected: F6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GB-BSi7H-6500",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F6"
}
]
},
{
"product": "GB-BXi7-5775",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F2"
}
]
}
],
"datePublic": "2017-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3197",
"STATE": "PUBLIC",
"TITLE": "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GB-BSi7H-6500",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F6",
"version_value": "F6"
}
]
}
},
{
"product_name": "GB-BXi7-5775",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F2",
"version_value": "F2"
}
]
}
}
]
},
"vendor_name": "GIGABYTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md",
"refsource": "MISC",
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md",
"refsource": "MISC",
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"name": "VU#507496",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97294"
},
{
"name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3197",
"datePublished": "2018-07-09T19:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3198 (GCVE-0-2017-3198)
Vulnerability from nvd – Published: 2018-07-09 19:00 – Updated: 2024-08-05 14:16
- CWE-345 - Insufficient Verification of Data Authenticity
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
| Vendor | Product | Version |
|---|---|---|
| GIGABYTE | GB-BSi7H-6500 | Affected: F6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GB-BSi7H-6500",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F6"
}
]
},
{
"product": "GB-BXi7-5775",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F2"
}
]
}
],
"datePublic": "2017-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GIGABYTE BRIX UEFI firmware is not cryptographically signed",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3198",
"STATE": "PUBLIC",
"TITLE": "GIGABYTE BRIX UEFI firmware is not cryptographically signed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GB-BSi7H-6500",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F6",
"version_value": "F6"
}
]
}
},
{
"product_name": "GB-BXi7-5775",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F2",
"version_value": "F2"
}
]
}
}
]
},
"vendor_name": "GIGABYTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345: Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#507496",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97294"
},
{
"name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3198",
"datePublished": "2018-07-09T19:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3197 (GCVE-0-2017-3197)
Vulnerability from nvd – Published: 2018-07-09 19:00 – Updated: 2024-08-05 14:16
- CWE-693 - Protection Mechanism Failure
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
| Vendor | Product | Version |
|---|---|---|
| GIGABYTE | GB-BSi7H-6500 | Affected: F6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GB-BSi7H-6500",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F6"
}
]
},
{
"product": "GB-BXi7-5775",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F2"
}
]
}
],
"datePublic": "2017-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3197",
"STATE": "PUBLIC",
"TITLE": "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GB-BSi7H-6500",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F6",
"version_value": "F6"
}
]
}
},
{
"product_name": "GB-BXi7-5775",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F2",
"version_value": "F2"
}
]
}
}
]
},
"vendor_name": "GIGABYTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md",
"refsource": "MISC",
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md",
"refsource": "MISC",
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"name": "VU#507496",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97294"
},
{
"name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3197",
"datePublished": "2018-07-09T19:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}