2017-10-16 12:31:07 -04:00
{
2018-07-09 15:06:49 -04:00
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org" ,
"ID" : "CVE-2017-3197" ,
"STATE" : "PUBLIC" ,
"TITLE" : "GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection"
2017-10-16 12:31:07 -04:00
} ,
2018-07-09 15:06:49 -04:00
"affects" : {
"vendor" : {
"vendor_data" : [
2018-06-05 01:18:35 -04:00
{
2018-07-09 15:06:49 -04:00
"product" : {
"product_data" : [
2018-06-05 01:18:35 -04:00
{
2018-07-09 15:06:49 -04:00
"product_name" : "GB-BSi7H-6500" ,
"version" : {
"version_data" : [
2018-06-05 01:18:35 -04:00
{
2018-07-09 15:06:49 -04:00
"affected" : "=" ,
"version_name" : "F6" ,
"version_value" : "F6"
2018-06-05 01:18:35 -04:00
}
]
}
} ,
{
2018-07-09 15:06:49 -04:00
"product_name" : "GB-BXi7-5775" ,
"version" : {
"version_data" : [
2018-06-05 01:18:35 -04:00
{
2018-07-09 15:06:49 -04:00
"affected" : "=" ,
"version_name" : "F2" ,
"version_value" : "F2"
2018-06-05 01:18:35 -04:00
}
]
}
}
]
} ,
2018-07-09 15:06:49 -04:00
"vendor_name" : "GIGABYTE"
2018-06-05 01:18:35 -04:00
}
]
}
} ,
2018-07-09 15:06:49 -04:00
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
2018-06-05 01:18:35 -04:00
{
2018-07-09 15:06:49 -04:00
"lang" : "eng" ,
"value" : "GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash."
2018-06-05 01:18:35 -04:00
}
]
} ,
2018-07-09 15:06:49 -04:00
"problemtype" : {
"problemtype_data" : [
2018-06-05 01:18:35 -04:00
{
2018-07-09 15:06:49 -04:00
"description" : [
2018-06-05 01:18:35 -04:00
{
2018-07-09 15:06:49 -04:00
"lang" : "eng" ,
"value" : "CWE-693: Protection Mechanism Failure"
2018-06-05 01:18:35 -04:00
}
]
}
]
} ,
2018-07-09 15:06:49 -04:00
"references" : {
"reference_data" : [
2018-06-05 01:18:35 -04:00
{
2018-07-09 15:06:49 -04:00
"name" : "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md" ,
"refsource" : "MISC" ,
"url" : "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md"
2018-06-05 01:18:35 -04:00
} ,
{
2018-07-09 15:06:49 -04:00
"name" : "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md" ,
"refsource" : "MISC" ,
"url" : "https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md"
2018-06-05 01:18:35 -04:00
} ,
2017-10-16 12:31:07 -04:00
{
2018-07-09 15:06:49 -04:00
"name" : "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html" ,
"refsource" : "MISC" ,
"url" : "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
2018-06-05 01:18:35 -04:00
} ,
{
2018-07-09 15:06:49 -04:00
"name" : "VU#507496" ,
"refsource" : "CERT-VN" ,
"url" : "https://www.kb.cert.org/vuls/id/507496"
2018-06-05 01:18:35 -04:00
} ,
{
2018-07-09 15:06:49 -04:00
"name" : "97294" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/97294"
2017-10-16 12:31:07 -04:00
}
]
2018-06-05 01:18:35 -04:00
} ,
2018-07-09 15:06:49 -04:00
"source" : {
"discovery" : "UNKNOWN"
2017-10-16 12:31:07 -04:00
}
}
