CRITICAL🇬🇧 English

CVE-2017-3198

CVSS 9.8v3.0pub. 2018-07-09upd. 2024-11-21

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gigabyte Gb Bsi7h 6500

    HW
    Gigabyte
    wszystkie wersje
  • Gigabyte Gb Bsi7h 6500 Firmware

    OS
    Gigabyte
    f6
  • Gigabyte Gb Bxi7 5775

    HW
    Gigabyte
    wszystkie wersje
  • Gigabyte Gb Bxi7 5775 Firmware

    OS
    Gigabyte
    f2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2017-3197CRITICAL9.8ten sam produkt

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does no...

CVE-2018-19323CRITICAL9.8⚠ KEVten sam vendor

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTRE...

CVE-2026-4415CRITICAL9.2PL ✓ten sam vendor

Gigabyte Control Center — zapis dowolnych plików prowadzący do RCE lub privilege escalation

CVE-2018-19322HIGH7.8⚠ KEVten sam vendor

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE befo...

CVE-2018-19320HIGH7.8⚠ KEVten sam vendor

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTRE...