Details of VAR-201807-0115

ID

VAR-201807-0115

CVE

CVE-2017-3198

TITLE

GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed

Trust: 0.8

sources: CERT/CC: VU#507496

DESCRIPTION

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected. It also is not cryptographically signed. These issues can be used to run rootkits at the firmware level or permanently disrupt service to the system. (DoS) It is possible to execute an attack. Failure of protection mechanism (CWE-693) - CVE-2017-3197 GIGABYTE BRIX Platform to protect firmware writing BIOSWE , BLE , SMM_BWP , PRx There is a problem where the bits are not set properly. as a result, SPI flash May be tampered with. Also, from the support page without checksum HTTP Is provided via. For more information, Cylance Advisory for CLVA-2017-01-001 and CLVA-2017-01-002 Please refer to. CLVA-2017-01-001 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-001.md CLVA-2017-01-002 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.mdAn attacker could run a rootkit at the firmware level or permanently disrupt service to the system (DoS) An attack may be executed. Multiple GIGABYTE Products are prone to multiple security-bypass vulnerabilities. A local attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions

Trust: 2.79

sources: NVD: CVE-2017-3198 // CERT/CC: VU#507496 // JVNDB: JVNDB-2017-005602 // BID: 97294 // VULHUB: VHN-111401 // VULMON: CVE-2017-3198

AFFECTED PRODUCTS

vendor:	gigabyte	model:	gb-bsi7h-6500	scope:	eq	version:	f6	Trust: 1.6
vendor:	gigabyte	model:	gb-bxi7-5775	scope:	eq	version:	f2	Trust: 1.6
vendor:	gigabyte	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gigabyte	model:	brix gb-bsi7h-6500	scope:	eq	version:	(uefi firmware version f6)	Trust: 0.8
vendor:	gigabyte	model:	brix gb-bxi7-5775	scope:	eq	version:	(uefi firmware version f2)	Trust: 0.8
vendor:	gigabyte	model:	gb-bxi7-5775 brix uefi vf6	scope:	-	version:	-	Trust: 0.3
vendor:	gigabyte	model:	gb-bxi7-5775 brix uefi vf2	scope:	-	version:	-	Trust: 0.3
vendor:	gigabyte	model:	gb-bsi7h-6500 brix uefi vf6	scope:	-	version:	-	Trust: 0.3
vendor:	gigabyte	model:	gb-bsi7h-6500 brix uefi vf2	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#507496 // BID: 97294 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3198 // CNNVD: CNNVD-201704-591

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-3198
value:	CRITICAL
Trust: 1.0
IPA:	JVNDB-2017-005602
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-591
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-111401
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-3198
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2017-005602
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-111401
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULMON:	CVE-2017-3198
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0
IPA:	JVNDB-2017-005602
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-111401 // VULMON: CVE-2017-3198 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3198 // CNNVD: CNNVD-201704-591

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.1
problemtype:	CWE-347	Trust: 1.1
problemtype:	CWE-345	Trust: 0.8
problemtype:	CWE-693	Trust: 0.8
problemtype:	CWE-310	Trust: 0.1

sources: VULHUB: VHN-111401 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3198

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-591

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201704-591

CONFIGURATIONS

sources: NVD: CVE-2017-3198

PATCH

title:	GB-BSi7H-6500	url:	http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov	Trust: 0.8
title:	GB-BXi7-5775	url:	http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov	Trust: 0.8
title:	Various GIGABYTE product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70177	Trust: 0.6
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/	Trust: 0.1

sources: VULMON: CVE-2017-3198 // JVNDB: JVNDB-2017-005602 // CNNVD: CNNVD-201704-591

EXTERNAL IDS

db:	CERT/CC	id:	VU#507496	Trust: 3.7
db:	NVD	id:	CVE-2017-3198	Trust: 2.9
db:	BID	id:	97294	Trust: 2.1
db:	JVN	id:	JVNVU90556561	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005602	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-591	Trust: 0.7
db:	VULHUB	id:	VHN-111401	Trust: 0.1
db:	VULMON	id:	CVE-2017-3198	Trust: 0.1

sources: CERT/CC: VU#507496 // VULHUB: VHN-111401 // VULMON: CVE-2017-3198 // BID: 97294 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3198 // CNNVD: CNNVD-201704-591

REFERENCES

url:	https://www.kb.cert.org/vuls/id/507496	Trust: 2.7
url:	http://www.securityfocus.com/bid/97294	Trust: 1.9
url:	https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html	Trust: 1.8
url:	https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-002.md	Trust: 1.1
url:	https://cwe.mitre.org/data/definitions/693.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/353.html	Trust: 0.8
url:	http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10	Trust: 0.8
url:	http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10	Trust: 0.8
url:	https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3197	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3198	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90556561/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3197	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3198	Trust: 0.8
url:	http://www.gigabyte.us/mini-pcbarebone/gb-bxi7-5775-rev-10#ov	Trust: 0.3
url:	https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2017-01-001.md	Trust: 0.3
url:	http://www.gigabyte.us/mini-pcbarebone/gb-bsi7h-6500-rev-10#ov	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/507496	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/347.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/311.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CERT/CC: VU#507496 // VULHUB: VHN-111401 // VULMON: CVE-2017-3198 // BID: 97294 // JVNDB: JVNDB-2017-005602 // NVD: CVE-2017-3198 // CNNVD: CNNVD-201704-591

CREDITS

Alex Matrosov of Cylance

Trust: 0.9

sources: BID: 97294 // CNNVD: CNNVD-201704-591

SOURCES

db:	CERT/CC	id:	VU#507496
db:	VULHUB	id:	VHN-111401
db:	VULMON	id:	CVE-2017-3198
db:	BID	id:	97294
db:	JVNDB	id:	JVNDB-2017-005602
db:	NVD	id:	CVE-2017-3198
db:	CNNVD	id:	CNNVD-201704-591

LAST UPDATE DATE

2023-12-18T12:44:00.526000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#507496	date:	2017-03-31T00:00:00
db:	VULHUB	id:	VHN-111401	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2017-3198	date:	2019-10-09T00:00:00
db:	BID	id:	97294	date:	2017-04-04T00:03:00
db:	JVNDB	id:	JVNDB-2017-005602	date:	2017-08-02T00:00:00
db:	NVD	id:	CVE-2017-3198	date:	2019-10-09T23:27:22.040
db:	CNNVD	id:	CNNVD-201704-591	date:	2019-10-17T00:00:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#507496	date:	2017-03-31T00:00:00
db:	VULHUB	id:	VHN-111401	date:	2018-07-09T00:00:00
db:	VULMON	id:	CVE-2017-3198	date:	2018-07-09T00:00:00
db:	BID	id:	97294	date:	2017-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-005602	date:	2017-08-02T00:00:00
db:	NVD	id:	CVE-2017-3198	date:	2018-07-09T19:29:00.343
db:	CNNVD	id:	CNNVD-201704-591	date:	2017-03-31T00:00:00