admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2017/3xxx/CVE-2017-3198.json
CVE Team b54cc258cd
- Synchronized data.
2018-07-09 15:06:49 -04:00

91 lines
2.8 KiB
JSON
Raw Blame History

{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3198",
"STATE" : "PUBLIC",
"TITLE" : "GIGABYTE BRIX UEFI firmware is not cryptographically signed"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GB-BSi7H-6500",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_name" : "F6",
"version_value" : "F6"
}
]
}
},
{
"product_name" : "GB-BXi7-5775",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_name" : "F2",
"version_value" : "F2"
}
]
}
}
]
},
"vendor_name" : "GIGABYTE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-345: Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
"refsource" : "MISC",
"url" : "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
},
{
"name" : "VU#507496",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/507496"
},
{
"name" : "97294",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97294"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
Reference in New Issue View Git Blame Copy Permalink