Vulnerability Details CVE-2017-3198
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Products affected by CVE-2017-3198
-
cpe:2.3:h:gigabyte:gb-bsi7h-6500:-
-
cpe:2.3:h:gigabyte:gb-bxi7-5775:-
-
cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6
-
cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2