Vulnerabilites related to gigabyte - gb-bxi7-5775
Vulnerability from fkie_nvd
Published
2018-07-09 19:29
Modified
2024-11-21 03:25
Severity ?
Summary
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gigabyte | gb-bsi7h-6500_firmware | f6 | |
| gigabyte | gb-bsi7h-6500 | - | |
| gigabyte | gb-bxi7-5775_firmware | f2 | |
| gigabyte | gb-bxi7-5775 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A53C8F-B252-4602-9356-F77A7650F5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B912BED-19DC-44B7-B06F-4CDF9135FB5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*",
"matchCriteriaId": "86E43347-B80C-45F4-AA26-A4ADA1F02CF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564C261-8E5D-4EE6-A785-47DA1E7E0730",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
},
{
"lang": "es",
"value": "El firmware de GIGABYTE BRIX UEFI para las plataformas GB-BSi7H-6500 (versi\u00f3n F6) y GB-BXi7-5775 (versi\u00f3n F2) no implementa las caracter\u00edsticas BIOSWE, BLE, SMM_BWP, y PRx de manera segura. En consecuencia, la BIOS no est\u00e1 protegida del acceso de escritura arbitraria y podr\u00eda permitir modificaciones en el flash SPI."
}
],
"id": "CVE-2017-3197",
"lastModified": "2024-11-21T03:25:00.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-09T19:29:00.247",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-09 19:29
Modified
2024-11-21 03:25
Severity ?
Summary
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.securityfocus.com/bid/97294 | Third Party Advisory, VDB Entry | |
| cret@cert.org | https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html | Exploit, Third Party Advisory | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/507496 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97294 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/507496 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gigabyte | gb-bsi7h-6500_firmware | f6 | |
| gigabyte | gb-bsi7h-6500 | - | |
| gigabyte | gb-bxi7-5775_firmware | f2 | |
| gigabyte | gb-bxi7-5775 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A53C8F-B252-4602-9356-F77A7650F5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B912BED-19DC-44B7-B06F-4CDF9135FB5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*",
"matchCriteriaId": "86E43347-B80C-45F4-AA26-A4ADA1F02CF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2564C261-8E5D-4EE6-A785-47DA1E7E0730",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
},
{
"lang": "es",
"value": "El firmware de GIGABYTE BRIX UEFI no valida las im\u00e1genes criptogr\u00e1ficamente antes de actualizar el firmware del sistema. Adicionalmente, las actualizaciones de firmware se sirven mediante HTTP. Un atacante puede hacer modificaciones arbitrarias en las im\u00e1genes de firmware sin ser detectados."
}
],
"id": "CVE-2017-3198",
"lastModified": "2024-11-21T03:25:01.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-09T19:29:00.343",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-311"
},
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-3198 (GCVE-0-2017-3198)
Vulnerability from cvelistv5
Published
2018-07-09 19:00
Modified
2024-08-05 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | GIGABYTE | GB-BSi7H-6500 |
Version: F6 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GB-BSi7H-6500",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F6"
}
]
},
{
"product": "GB-BXi7-5775",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F2"
}
]
}
],
"datePublic": "2017-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GIGABYTE BRIX UEFI firmware is not cryptographically signed",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3198",
"STATE": "PUBLIC",
"TITLE": "GIGABYTE BRIX UEFI firmware is not cryptographically signed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GB-BSi7H-6500",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F6",
"version_value": "F6"
}
]
}
},
{
"product_name": "GB-BXi7-5775",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F2",
"version_value": "F2"
}
]
}
}
]
},
"vendor_name": "GIGABYTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345: Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#507496",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97294"
},
{
"name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3198",
"datePublished": "2018-07-09T19:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3197 (GCVE-0-2017-3197)
Vulnerability from cvelistv5
Published
2018-07-09 19:00
Modified
2024-08-05 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-693 - Protection Mechanism Failure
Summary
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | GIGABYTE | GB-BSi7H-6500 |
Version: F6 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GB-BSi7H-6500",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F6"
}
]
},
{
"product": "GB-BXi7-5775",
"vendor": "GIGABYTE",
"versions": [
{
"status": "affected",
"version": "F2"
}
]
}
],
"datePublic": "2017-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"name": "VU#507496",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97294"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3197",
"STATE": "PUBLIC",
"TITLE": "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GB-BSi7H-6500",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F6",
"version_value": "F6"
}
]
}
},
{
"product_name": "GB-BXi7-5775",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "F2",
"version_value": "F2"
}
]
}
}
]
},
"vendor_name": "GIGABYTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md",
"refsource": "MISC",
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
},
{
"name": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md",
"refsource": "MISC",
"url": "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
},
{
"name": "VU#507496",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/507496"
},
{
"name": "97294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97294"
},
{
"name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3197",
"datePublished": "2018-07-09T19:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}