← volver
CVE-2017-3197

GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection

EPSS 5.3%CWE-693
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.
Productos afectados
GIGABYTE · GB-BSi7H-6500GIGABYTE · GB-BXi7-5775

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.mdhttps://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.mdhttps://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.htmlhttps://www.kb.cert.org/vuls/id/507496http://www.securityfocus.com/bid/97294