cvelistv5 - cve-2017-3197

CVE-2017-3197 (GCVE-0-2017-3197)

Vulnerability from cvelistv5 – Published: 2018-07-09 19:00 – Updated: 2024-08-05 14:16

Summary

Severity ?

No CVSS data available.

CWE

CWE-693 - Protection Mechanism Failure

Assigner

certcc

References

URL

Tags

	https://github.com/CylanceVulnResearch/disclosure…	x_refsource_MISC
	https://github.com/CylanceVulnResearch/disclosure…	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/507496	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/97294	vdb-entryx_refsource_BID
	https://www.cylance.com/en_us/blog/gigabyte-brix-…	x_refsource_MISC

Impacted products

Vendor

Product

Version

Affected: F6

Affected: F2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
          },
          {
            "name": "VU#507496",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/507496"
          },
          {
            "name": "97294",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97294"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GB-BSi7H-6500",
          "vendor": "GIGABYTE",
          "versions": [
            {
              "status": "affected",
              "version": "F6"
            }
          ]
        },
        {
          "product": "GB-BXi7-5775",
          "vendor": "GIGABYTE",
          "versions": [
            {
              "status": "affected",
              "version": "F2"
            }
          ]
        }
      ],
      "datePublic": "2017-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-09T18:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
        },
        {
          "name": "VU#507496",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/507496"
        },
        {
          "name": "97294",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97294"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2017-3197",
          "STATE": "PUBLIC",
          "TITLE": "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GB-BSi7H-6500",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "F6",
                            "version_value": "F6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GB-BXi7-5775",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "F2",
                            "version_value": "F2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GIGABYTE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-693: Protection Mechanism Failure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md",
              "refsource": "MISC",
              "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
            },
            {
              "name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md",
              "refsource": "MISC",
              "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
            },
            {
              "name": "VU#507496",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/507496"
            },
            {
              "name": "97294",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97294"
            },
            {
              "name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
              "refsource": "MISC",
              "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2017-3197",
    "datePublished": "2018-07-09T19:00:00",
    "dateReserved": "2016-12-05T00:00:00",
    "dateUpdated": "2024-08-05T14:16:28.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7A53C8F-B252-4602-9356-F77A7650F5D5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B912BED-19DC-44B7-B06F-4CDF9135FB5B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86E43347-B80C-45F4-AA26-A4ADA1F02CF2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2564C261-8E5D-4EE6-A785-47DA1E7E0730\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.\"}, {\"lang\": \"es\", \"value\": \"El firmware de GIGABYTE BRIX UEFI para las plataformas GB-BSi7H-6500 (versi\\u00f3n F6) y GB-BXi7-5775 (versi\\u00f3n F2) no implementa las caracter\\u00edsticas BIOSWE, BLE, SMM_BWP, y PRx de manera segura. En consecuencia, la BIOS no est\\u00e1 protegida del acceso de escritura arbitraria y podr\\u00eda permitir modificaciones en el flash SPI.\"}]",
      "id": "CVE-2017-3197",
      "lastModified": "2024-11-21T03:25:00.867",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-09T19:29:00.247",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/97294\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/507496\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/97294\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/507496\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-693\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-3197\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-07-09T19:29:00.247\",\"lastModified\":\"2024-11-21T03:25:00.867\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.\"},{\"lang\":\"es\",\"value\":\"El firmware de GIGABYTE BRIX UEFI para las plataformas GB-BSi7H-6500 (versi\u00f3n F6) y GB-BXi7-5775 (versi\u00f3n F2) no implementa las caracter\u00edsticas BIOSWE, BLE, SMM_BWP, y PRx de manera segura. En consecuencia, la BIOS no est\u00e1 protegida del acceso de escritura arbitraria y podr\u00eda permitir modificaciones en el flash SPI.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-693\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7A53C8F-B252-4602-9356-F77A7650F5D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B912BED-19DC-44B7-B06F-4CDF9135FB5B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86E43347-B80C-45F4-AA26-A4ADA1F02CF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2564C261-8E5D-4EE6-A785-47DA1E7E0730\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97294\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/507496\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/97294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/507496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CNVD-2017-04010

Vulnerability from cnvd - Published: 2017-04-06

Title

技嘉BRIX迷你电脑存在固件更新验证缺陷漏洞

Description

技嘉（GIGABYTE）是台湾专业的主板制造商，GB-BSi7H-6500及GB-BXi7-5775是技嘉Brix小电脑，类似于英特尔NUCs。UEFI，全称“统一的可扩展固件接口”(Unified Extensible Firmware Interface)，是一种详细描述类型接口的标准。这种接口用于操作系统自动从预启动的操作环境，加载到一种操作系统上。技嘉BRIX迷你电脑存在固件更新验证缺陷漏洞，由于未在更新系统前进行固件档案的验证，攻击者可使用AFU（AMI Firmware Utility）更新工具对固件写入任意代码。

Severity

中

Formal description

技嘉即将发布GB-BSI7H-6500的的最新版本（vf7）固件。而GB-BXI7-5775已停产，厂商不在升级维护。请及时关注厂商主页： http://www.gigabyte.tw/

Reference

https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/ http://www.securityfocus.com/bid/97294 http://www.kb.cert.org/vuls/id/507496

Impacted products

Name
['gigabyte GB-BSi7H-6500 BRIX UEFI vF2', 'gigabyte GB-BSi7H-6500 BRIX UEFI vF6', 'gigabyte GB-BXi7-5775 BRIX UEFI vF2', 'gigabyte GB-BXi7-5775 BRIX UEFI vF6']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97294"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3197"
    }
  },
  "description": "\u6280\u5609\uff08GIGABYTE\uff09\u662f\u53f0\u6e7e\u4e13\u4e1a\u7684\u4e3b\u677f\u5236\u9020\u5546\uff0cGB-BSi7H-6500\u53caGB-BXi7-5775\u662f\u6280\u5609Brix\u5c0f\u7535\u8111\uff0c\u7c7b\u4f3c\u4e8e\u82f1\u7279\u5c14NUCs\u3002UEFI\uff0c\u5168\u79f0\u201c\u7edf\u4e00\u7684\u53ef\u6269\u5c55\u56fa\u4ef6\u63a5\u53e3\u201d(Unified Extensible Firmware Interface)\uff0c \u662f\u4e00\u79cd\u8be6\u7ec6\u63cf\u8ff0\u7c7b\u578b\u63a5\u53e3\u7684\u6807\u51c6\u3002\u8fd9\u79cd\u63a5\u53e3\u7528\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u81ea\u52a8\u4ece\u9884\u542f\u52a8\u7684\u64cd\u4f5c\u73af\u5883\uff0c\u52a0\u8f7d\u5230\u4e00\u79cd\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u3002\r\n\r\n\u6280\u5609BRIX\u8ff7\u4f60\u7535\u8111\u5b58\u5728\u56fa\u4ef6\u66f4\u65b0\u9a8c\u8bc1\u7f3a\u9677\u6f0f\u6d1e\uff0c\u7531\u4e8e\u672a\u5728\u66f4\u65b0\u7cfb\u7edf\u524d\u8fdb\u884c\u56fa\u4ef6\u6863\u6848\u7684\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u4f7f\u7528AFU\uff08AMI Firmware Utility\uff09\u66f4\u65b0\u5de5\u5177\u5bf9\u56fa\u4ef6\u5199\u5165\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Alex Matrosov of Cylance",
  "formalWay": "\u6280\u5609\u5373\u5c06\u53d1\u5e03GB-BSI7H-6500\u7684\u7684\u6700\u65b0\u7248\u672c\uff08vf7\uff09\u56fa\u4ef6\u3002\u800cGB-BXI7-5775\u5df2\u505c\u4ea7\uff0c\u5382\u5546\u4e0d\u5728\u5347\u7ea7\u7ef4\u62a4\u3002\u8bf7\u53ca\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.gigabyte.tw/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04010",
  "openTime": "2017-04-06",
  "products": {
    "product": [
      "gigabyte GB-BSi7H-6500 BRIX UEFI vF2",
      "gigabyte GB-BSi7H-6500 BRIX UEFI vF6",
      "gigabyte GB-BXi7-5775 BRIX UEFI vF2",
      "gigabyte GB-BXi7-5775 BRIX UEFI vF6"
    ]
  },
  "referenceLink": "https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/\r\nhttp://www.securityfocus.com/bid/97294\r\nhttp://www.kb.cert.org/vuls/id/507496",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-04",
  "title": "\u6280\u5609BRIX\u8ff7\u4f60\u7535\u8111\u5b58\u5728\u56fa\u4ef6\u66f4\u65b0\u9a8c\u8bc1\u7f3a\u9677\u6f0f\u6d1e"
}

GSD-2017-3197

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-3197

Aliases

CVE-2017-3197

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3197",
    "description": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.",
    "id": "GSD-2017-3197"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3197"
      ],
      "details": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.",
      "id": "GSD-2017-3197",
      "modified": "2023-12-13T01:21:16.224553Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2017-3197",
        "STATE": "PUBLIC",
        "TITLE": "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GB-BSi7H-6500",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_name": "F6",
                          "version_value": "F6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "GB-BXi7-5775",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_name": "F2",
                          "version_value": "F2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "GIGABYTE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-693: Protection Mechanism Failure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md",
            "refsource": "MISC",
            "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
          },
          {
            "name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md",
            "refsource": "MISC",
            "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
          },
          {
            "name": "VU#507496",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/507496"
          },
          {
            "name": "97294",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97294"
          },
          {
            "name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
            "refsource": "MISC",
            "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2017-3197"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#507496",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/507496"
            },
            {
              "name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
            },
            {
              "name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
            },
            {
              "name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
            },
            {
              "name": "97294",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97294"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:27Z",
      "publishedDate": "2018-07-09T19:29Z"
    }
  }
}

GHSA-R83H-QMFH-PXVF

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-09T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.",
  "id": "GHSA-r83h-qmfh-pxvf",
  "modified": "2022-05-13T01:36:43Z",
  "published": "2022-05-13T01:36:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3197"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
    },
    {
      "type": "WEB",
      "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/507496"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97294"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201807-0114

Vulnerability from variot - Updated: 2023-12-18 12:44

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. It also is not cryptographically signed. These issues can be used to run rootkits at the firmware level or permanently disrupt service to the system. (DoS) It is possible to execute an attack. Failure of protection mechanism (CWE-693) - CVE-2017-3197 GIGABYTE BRIX Platform to protect firmware writing BIOSWE , BLE , SMM_BWP , PRx There is a problem where the bits are not set properly. as a result, SPI flash May be tampered with. Inadequate verification of data reliability (CWE-345) - CVE-2017-3198 GIGABYTE BRIX of UEFI Firmware update is not signed. Also, from the support page without checksum HTTP Is provided via. As a result, even if the firmware is tampered with, it cannot be detected. For more information, Cylance Advisory for CLVA-2017-01-001 and CLVA-2017-01-002 Please refer to. CLVA-2017-01-001 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md CLVA-2017-01-002 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.mdAn attacker could run a rootkit at the firmware level or permanently disrupt service to the system (DoS) An attack may be executed. Multiple GIGABYTE Products are prone to multiple security-bypass vulnerabilities. A local attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0114",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gb-bsi7h-6500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gigabyte",
        "version": "f6"
      },
      {
        "model": "gb-bxi7-5775",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gigabyte",
        "version": "f2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gigabyte",
        "version": null
      },
      {
        "model": "brix gb-bsi7h-6500",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "gigabyte",
        "version": "(uefi firmware version  f6)"
      },
      {
        "model": "brix gb-bxi7-5775",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "gigabyte",
        "version": "(uefi firmware version  f2)"
      },
      {
        "model": "gb-bxi7-5775 brix uefi vf6",
        "scope": null,
        "trust": 0.3,
        "vendor": "gigabyte",
        "version": null
      },
      {
        "model": "gb-bxi7-5775 brix uefi vf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "gigabyte",
        "version": null
      },
      {
        "model": "gb-bsi7h-6500 brix uefi vf6",
        "scope": null,
        "trust": 0.3,
        "vendor": "gigabyte",
        "version": null
      },
      {
        "model": "gb-bsi7h-6500 brix uefi vf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "gigabyte",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#507496"
      },
      {
        "db": "BID",
        "id": "97294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3197"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alex Matrosov of Cylance",
    "sources": [
      {
        "db": "BID",
        "id": "97294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-3197",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 7.6,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-005602",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-111400",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-3197",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.0,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-005602",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3197",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-005602",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-590",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111400",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-3197",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111400"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. It also is not cryptographically signed. These issues can be used to run rootkits at the firmware level or permanently disrupt service to the system. (DoS) It is possible to execute an attack. Failure of protection mechanism (CWE-693) - CVE-2017-3197 GIGABYTE BRIX Platform to protect firmware writing BIOSWE , BLE , SMM_BWP , PRx There is a problem where the bits are not set properly. as a result, SPI flash May be tampered with. Inadequate verification of data reliability (CWE-345) - CVE-2017-3198 GIGABYTE BRIX of UEFI Firmware update is not signed. Also, from the support page without checksum HTTP Is provided via. As a result, even if the firmware is tampered with, it cannot be detected. For more information, Cylance Advisory for CLVA-2017-01-001 and CLVA-2017-01-002 Please refer to. CLVA-2017-01-001 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md CLVA-2017-01-002 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.mdAn attacker could run a rootkit at the firmware level or permanently disrupt service to the system (DoS) An attack may be executed. Multiple GIGABYTE Products are prone to multiple security-bypass vulnerabilities. \nA local attacker may exploit these issues  to bypass certain security restrictions and perform unauthorized actions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3197"
      },
      {
        "db": "CERT/CC",
        "id": "VU#507496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "db": "BID",
        "id": "97294"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111400"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3197"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#507496",
        "trust": 3.7
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3197",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "97294",
        "trust": 2.1
      },
      {
        "db": "JVN",
        "id": "JVNVU90556561",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005602",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-111400",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3197",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#507496"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111400"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3197"
      },
      {
        "db": "BID",
        "id": "97294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ]
  },
  "id": "VAR-201807-0114",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111400"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:44:00.562000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "GB-BSi7H-6500",
        "trust": 0.8,
        "url": "http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov"
      },
      {
        "title": "GB-BXi7-5775",
        "trust": 0.8,
        "url": "http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov"
      },
      {
        "title": "Various GIGABYTE product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70176"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-345",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-693",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111400"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3197"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-002.md"
      },
      {
        "trust": 2.7,
        "url": "https://www.kb.cert.org/vuls/id/507496"
      },
      {
        "trust": 2.6,
        "url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/97294"
      },
      {
        "trust": 1.8,
        "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/693.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/353.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10"
      },
      {
        "trust": 0.8,
        "url": "http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3197"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3198"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90556561/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3197"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3198"
      },
      {
        "trust": 0.3,
        "url": "http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md "
      },
      {
        "trust": 0.3,
        "url": "http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov "
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/507496 "
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#507496"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111400"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3197"
      },
      {
        "db": "BID",
        "id": "97294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#507496"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111400"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3197"
      },
      {
        "db": "BID",
        "id": "97294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#507496"
      },
      {
        "date": "2018-07-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111400"
      },
      {
        "date": "2018-07-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3197"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "BID",
        "id": "97294"
      },
      {
        "date": "2017-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "date": "2018-07-09T19:29:00.247000",
        "db": "NVD",
        "id": "CVE-2017-3197"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#507496"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111400"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3197"
      },
      {
        "date": "2017-04-04T00:03:00",
        "db": "BID",
        "id": "97294"
      },
      {
        "date": "2017-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005602"
      },
      {
        "date": "2019-10-09T23:27:21.853000",
        "db": "NVD",
        "id": "CVE-2017-3197"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#507496"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-590"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-3197

Vulnerability from fkie_nvd - Published: 2018-07-09 19:29 - Updated: 2024-11-21 03:25

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://www.securityfocus.com/bid/97294	Third Party Advisory, VDB Entry
cret@cert.org	https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md	Exploit, Third Party Advisory
cret@cert.org	https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md	Exploit, Third Party Advisory
cret@cert.org	https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html	Exploit, Third Party Advisory
cret@cert.org	https://www.kb.cert.org/vuls/id/507496	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97294	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/507496	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
gigabyte	gb-bsi7h-6500_firmware	f6
gigabyte	gb-bsi7h-6500	-
gigabyte	gb-bxi7-5775_firmware	f2
gigabyte	gb-bxi7-5775	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A53C8F-B252-4602-9356-F77A7650F5D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B912BED-19DC-44B7-B06F-4CDF9135FB5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E43347-B80C-45F4-AA26-A4ADA1F02CF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2564C261-8E5D-4EE6-A785-47DA1E7E0730",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
    },
    {
      "lang": "es",
      "value": "El firmware de GIGABYTE BRIX UEFI para las plataformas GB-BSi7H-6500 (versi\u00f3n F6) y GB-BXi7-5775 (versi\u00f3n F2) no implementa las caracter\u00edsticas BIOSWE, BLE, SMM_BWP, y PRx de manera segura. En consecuencia, la BIOS no est\u00e1 protegida del acceso de escritura arbitraria y podr\u00eda permitir modificaciones en el flash SPI."
    }
  ],
  "id": "CVE-2017-3197",
  "lastModified": "2024-11-21T03:25:00.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-09T19:29:00.247",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97294"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/507496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/507496"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-693"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-3197 (GCVE-0-2017-3197)

CNVD-2017-04010

GSD-2017-3197

GHSA-R83H-QMFH-PXVF

VAR-201807-0114

FKIE_CVE-2017-3197

Tags

Sightings

Nomenclature