Details of VAR-201807-0114

ID

VAR-201807-0114

CVE

CVE-2017-3197

TITLE

GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed

Trust: 0.8

sources: CERT/CC: VU#507496

DESCRIPTION

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. It also is not cryptographically signed. These issues can be used to run rootkits at the firmware level or permanently disrupt service to the system. (DoS) It is possible to execute an attack. Failure of protection mechanism (CWE-693) - CVE-2017-3197 GIGABYTE BRIX Platform to protect firmware writing BIOSWE , BLE , SMM_BWP , PRx There is a problem where the bits are not set properly. as a result, SPI flash May be tampered with. Inadequate verification of data reliability (CWE-345) - CVE-2017-3198 GIGABYTE BRIX of UEFI Firmware update is not signed. Also, from the support page without checksum HTTP Is provided via. As a result, even if the firmware is tampered with, it cannot be detected. For more information, Cylance Advisory for CLVA-2017-01-001 and CLVA-2017-01-002 Please refer to. CLVA-2017-01-001 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md CLVA-2017-01-002 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.mdAn attacker could run a rootkit at the firmware level or permanently disrupt service to the system (DoS) An attack may be executed. Multiple GIGABYTE Products are prone to multiple security-bypass vulnerabilities. A local attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions

Trust: 2.79

sources: NVD: CVE-2017-3197 // CERT/CC: VU#507496 // JVNDB: JVNDB-2017-005602 // BID: 97294 // VULHUB: VHN-111400 // VULMON: CVE-2017-3197

AFFECTED PRODUCTS

vendor:	gigabyte	model:	gb-bsi7h-6500	scope:	eq	version:	f6	Trust: 1.6
vendor:	gigabyte	model:	gb-bxi7-5775	scope:	eq	version:	f2	Trust: 1.6
vendor:	gigabyte	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gigabyte	model:	brix gb-bsi7h-6500	scope:	eq	version:	(uefi firmware version f6)	Trust: 0.8
vendor:	gigabyte	model:	brix gb-bxi7-5775	scope:	eq	version:	(uefi firmware version f2)	Trust: 0.8
vendor:	gigabyte	model:	gb-bxi7-5775 brix uefi vf6	scope:	-	version:	-	Trust: 0.3
vendor:	gigabyte	model:	gb-bxi7-5775 brix uefi vf2	scope:	-	version:	-	Trust: 0.3
vendor:	gigabyte	model:	gb-bsi7h-6500 brix uefi vf6	scope:	-	version:	-	Trust: 0.3
vendor:	gigabyte	model:	gb-bsi7h-6500 brix uefi vf2	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#507496 // BID: 97294 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3197 // CNNVD: CNNVD-201704-590

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-3197
value:	CRITICAL
Trust: 1.0
IPA:	JVNDB-2017-005602
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-590
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-111400
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-3197
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2017-005602
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-111400
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULMON:	CVE-2017-3197
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0
IPA:	JVNDB-2017-005602
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-111400 // VULMON: CVE-2017-3197 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3197 // CNNVD: CNNVD-201704-590

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-345	Trust: 0.8
problemtype:	CWE-693	Trust: 0.8

sources: VULHUB: VHN-111400 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3197

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-590

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201704-590

CONFIGURATIONS

sources: NVD: CVE-2017-3197

PATCH

title:	GB-BSi7H-6500	url:	http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov	Trust: 0.8
title:	GB-BXi7-5775	url:	http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov	Trust: 0.8
title:	Various GIGABYTE product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70176	Trust: 0.6
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/	Trust: 0.1

sources: VULMON: CVE-2017-3197 // JVNDB: JVNDB-2017-005602 // CNNVD: CNNVD-201704-590

EXTERNAL IDS

db:	CERT/CC	id:	VU#507496	Trust: 3.7
db:	NVD	id:	CVE-2017-3197	Trust: 2.9
db:	BID	id:	97294	Trust: 2.1
db:	JVN	id:	JVNVU90556561	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005602	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-590	Trust: 0.7
db:	VULHUB	id:	VHN-111400	Trust: 0.1
db:	VULMON	id:	CVE-2017-3197	Trust: 0.1

sources: CERT/CC: VU#507496 // VULHUB: VHN-111400 // VULMON: CVE-2017-3197 // BID: 97294 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3197 // CNNVD: CNNVD-201704-590

REFERENCES

url:	https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-002.md	Trust: 2.9
url:	https://www.kb.cert.org/vuls/id/507496	Trust: 2.7
url:	https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md	Trust: 2.6
url:	http://www.securityfocus.com/bid/97294	Trust: 1.9
url:	https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html	Trust: 1.8
url:	https://cwe.mitre.org/data/definitions/693.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/353.html	Trust: 0.8
url:	http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10	Trust: 0.8
url:	http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3197	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3198	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90556561/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3197	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3198	Trust: 0.8
url:	http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov	Trust: 0.3
url:	https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md	Trust: 0.3
url:	http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/507496	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CERT/CC: VU#507496 // VULHUB: VHN-111400 // VULMON: CVE-2017-3197 // BID: 97294 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3197 // CNNVD: CNNVD-201704-590

CREDITS

Alex Matrosov of Cylance

Trust: 0.9

sources: BID: 97294 // CNNVD: CNNVD-201704-590

SOURCES

db:	CERT/CC	id:	VU#507496
db:	VULHUB	id:	VHN-111400
db:	VULMON	id:	CVE-2017-3197
db:	BID	id:	97294
db:	JVNDB	id:	JVNDB-2017-005602
db:	NVD	id:	CVE-2017-3197
db:	CNNVD	id:	CNNVD-201704-590

LAST UPDATE DATE

2023-12-18T12:44:00.562000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#507496	date:	2017-03-31T00:00:00
db:	VULHUB	id:	VHN-111400	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2017-3197	date:	2019-10-09T00:00:00
db:	BID	id:	97294	date:	2017-04-04T00:03:00
db:	JVNDB	id:	JVNDB-2017-005602	date:	2017-08-02T00:00:00
db:	NVD	id:	CVE-2017-3197	date:	2019-10-09T23:27:21.853
db:	CNNVD	id:	CNNVD-201704-590	date:	2019-10-17T00:00:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#507496	date:	2017-03-31T00:00:00
db:	VULHUB	id:	VHN-111400	date:	2018-07-09T00:00:00
db:	VULMON	id:	CVE-2017-3197	date:	2018-07-09T00:00:00
db:	BID	id:	97294	date:	2017-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-005602	date:	2017-08-02T00:00:00
db:	NVD	id:	CVE-2017-3197	date:	2018-07-09T19:29:00.247
db:	CNNVD	id:	CNNVD-201704-590	date:	2017-03-31T00:00:00