{"api_version":"1","generated_at":"2026-04-23T07:55:55+00:00","cve":"CVE-2017-3198","urls":{"html":"https://cve.report/CVE-2017-3198","api":"https://cve.report/api/cve/CVE-2017-3198.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-3198","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-3198"},"summary":{"title":"CVE-2017-3198","description":"GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2018-07-09 19:29:00","updated_at":"2019-10-09 23:27:00"},"problem_types":["CWE-347","CWE-311"],"metrics":[],"references":[{"url":"https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html","name":"https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Researchers Disclose Vulnerabilities in GIGABYTE BRIX Systems","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.kb.cert.org/vuls/id/507496","name":"VU#507496","refsource":"CERT-VN","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#507496 - GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/97294","name":"97294","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Multiple GIGABYTE Products VU#507496 Multiple Security Bypass Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-3198","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3198","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"3198","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"gigabyte","cpe5":"gb-bsi7h-6500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"3198","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"gigabyte","cpe5":"gb-bsi7h-6500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"3198","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"gigabyte","cpe5":"gb-bsi7h-6500_firmware","cpe6":"f6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"3198","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"gigabyte","cpe5":"gb-bsi7h-6500_firmware","cpe6":"f6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"3198","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"gigabyte","cpe5":"gb-bxi7-5775","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"3198","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"gigabyte","cpe5":"gb-bxi7-5775","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"3198","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"gigabyte","cpe5":"gb-bxi7-5775_firmware","cpe6":"f2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"3198","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"gigabyte","cpe5":"gb-bxi7-5775_firmware","cpe6":"f2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2017-3198","STATE":"PUBLIC","TITLE":"GIGABYTE BRIX UEFI firmware is not cryptographically signed"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"GB-BSi7H-6500","version":{"version_data":[{"affected":"=","version_name":"F6","version_value":"F6"}]}},{"product_name":"GB-BXi7-5775","version":{"version_data":[{"affected":"=","version_name":"F2","version_value":"F2"}]}}]},"vendor_name":"GIGABYTE"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-345: Insufficient Verification of Data Authenticity"}]}]},"references":{"reference_data":[{"name":"VU#507496","refsource":"CERT-VN","url":"https://www.kb.cert.org/vuls/id/507496"},{"name":"97294","refsource":"BID","url":"http://www.securityfocus.com/bid/97294"},{"name":"https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html","refsource":"MISC","url":"https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2018-07-09 19:29:00","lastModifiedDate":"2019-10-09 23:27:00","problem_types":["CWE-347","CWE-311"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"3198","Ordinal":"99429","Title":"CVE-2017-3198","CVE":"CVE-2017-3198","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"3198","Ordinal":"1","NoteData":"GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"3198","Ordinal":"2","NoteData":"2018-07-09","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"3198","Ordinal":"3","NoteData":"2018-07-09","Type":"Other","Title":"Modified"}]}}}