QwikSec

Security Database

CVE

CWE

Training

CVE-2017-3197

Published: Jul 9, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.

Vendor	Product	Versions
GIGABYTE	GB-BSi7H-6500	affected `F6`
GIGABYTE	GB-BXi7-5775	affected `F2`

Weaknesses (CWE)

References

https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md

x_refsource_MISC

https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md

x_refsource_MISC

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_BID

https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.