CVE-2017-3198

CVE-2017-3198: GIGABYTE BRIX UEFI firmware is not cryptographically signed

Vendor Gigabyte
Product GB-BSi7H-6500
Weakness CWE-345
Published July 9, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.

Key dates

02Disclosure timeline

July 9, 2018 CVE published
August 5, 2024 Record updated