10

CVE-2017-3197

Exploit

GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GigabyteGb-bsi7h-6500 Firmware Versionf6
   GigabyteGb-bsi7h-6500 Version-
GigabyteGb-bxi7-5775 Firmware Versionf2
   GigabyteGb-bxi7-5775 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.32% 0.915
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

http://www.securityfocus.com/bid/97294
Third Party Advisory
VDB Entry
https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md
Third Party Advisory
Exploit
https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md
Third Party Advisory
Exploit
https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html
Third Party Advisory
Exploit
https://www.kb.cert.org/vuls/id/507496
Third Party Advisory
US Government Resource