10

CVE-2017-3198

Exploit

EPSS 0.21%
Veröffentlicht 09.07.2018 19:29:00
Zuletzt bearbeitet 21.11.2024 03:25:01
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gigabyte ≫ Gb-bsi7h-6500 Firmware Versionf6

Gigabyte ≫ Gb-bsi7h-6500 Version-

Gigabyte ≫ Gb-bxi7-5775 Firmware Versionf2

Gigabyte ≫ Gb-bxi7-5775 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.436

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

http://www.securityfocus.com/bid/97294

Third Party Advisory

VDB Entry

https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html

Third Party Advisory

Exploit

https://www.kb.cert.org/vuls/id/507496

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2017-3198

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3198

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3198

EUVD