Vulnerability-Lookup

CNVD-2017-04012

Vulnerability from cnvd - Published: 2017-04-06

Title

技嘉BRIX迷你电脑存在固件防护机制缺陷漏洞

Description

技嘉（GIGABYTE）是台湾专业的主板制造商，GB-BSi7H-6500及GB-BXi7-5775是BRIX系列迷你电脑。UEFI，全称“统一的可扩展固件接口”(Unified Extensible Firmware Interface)，是一种详细描述类型接口的标准。这种接口用于操作系统自动从预启动的操作环境，加载到一种操作系统上。技嘉BRIX迷你电脑存在固件防护机制缺陷漏洞，由于在加载UEFI固件时未能在SMI handler加入适当防护机制，攻击者可通过系统管理模式（SMM）在SPI內存中写入指令。

Severity

中

Formal description

技嘉即将发布GB-BSI7H-6500的的最新版本（vf7）固件。而GB-BXI7-5775已停产，厂商不在升级维护。请及时关注厂商主页： http://www.gigabyte.tw/

Reference

https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/ http://www.securityfocus.com/bid/97294 http://www.kb.cert.org/vuls/id/507496

Impacted products

Name
['gigabyte GB-BSi7H-6500 BRIX UEFI vF2', 'gigabyte GB-BSi7H-6500 BRIX UEFI vF6', 'gigabyte GB-BXi7-5775 BRIX UEFI vF2', 'gigabyte GB-BXi7-5775 BRIX UEFI vF6']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97294"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3198"
    }
  },
  "description": "\u6280\u5609\uff08GIGABYTE\uff09\u662f\u53f0\u6e7e\u4e13\u4e1a\u7684\u4e3b\u677f\u5236\u9020\u5546\uff0cGB-BSi7H-6500\u53caGB-BXi7-5775\u662fBRIX\u7cfb\u5217\u8ff7\u4f60\u7535\u8111\u3002UEFI\uff0c\u5168\u79f0\u201c\u7edf\u4e00\u7684\u53ef\u6269\u5c55\u56fa\u4ef6\u63a5\u53e3\u201d(Unified Extensible Firmware Interface)\uff0c \u662f\u4e00\u79cd\u8be6\u7ec6\u63cf\u8ff0\u7c7b\u578b\u63a5\u53e3\u7684\u6807\u51c6\u3002\u8fd9\u79cd\u63a5\u53e3\u7528\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u81ea\u52a8\u4ece\u9884\u542f\u52a8\u7684\u64cd\u4f5c\u73af\u5883\uff0c\u52a0\u8f7d\u5230\u4e00\u79cd\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u3002\r\n\r\n\u6280\u5609BRIX\u8ff7\u4f60\u7535\u8111\u5b58\u5728\u56fa\u4ef6\u9632\u62a4\u673a\u5236\u7f3a\u9677\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5728\u52a0\u8f7dUEFI\u56fa\u4ef6\u65f6\u672a\u80fd\u5728SMI handler\u52a0\u5165\u9002\u5f53\u9632\u62a4\u673a\u5236\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7cfb\u7edf\u7ba1\u7406\u6a21\u5f0f\uff08SMM\uff09\u5728SPI\u5167\u5b58\u4e2d\u5199\u5165\u6307\u4ee4\u3002",
  "discovererName": "Alex Matrosov of Cylance",
  "formalWay": "\u6280\u5609\u5373\u5c06\u53d1\u5e03GB-BSI7H-6500\u7684\u7684\u6700\u65b0\u7248\u672c\uff08vf7\uff09\u56fa\u4ef6\u3002\u800cGB-BXI7-5775\u5df2\u505c\u4ea7\uff0c\u5382\u5546\u4e0d\u5728\u5347\u7ea7\u7ef4\u62a4\u3002\u8bf7\u53ca\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.gigabyte.tw/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04012",
  "openTime": "2017-04-06",
  "products": {
    "product": [
      "gigabyte GB-BSi7H-6500 BRIX UEFI vF2",
      "gigabyte GB-BSi7H-6500 BRIX UEFI vF6",
      "gigabyte GB-BXi7-5775 BRIX UEFI vF2",
      "gigabyte GB-BXi7-5775 BRIX UEFI vF6"
    ]
  },
  "referenceLink": "https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allow-the-installation-of-uefi-ransomware/\r\nhttp://www.securityfocus.com/bid/97294\r\nhttp://www.kb.cert.org/vuls/id/507496",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-01",
  "title": "\u6280\u5609BRIX\u8ff7\u4f60\u7535\u8111\u5b58\u5728\u56fa\u4ef6\u9632\u62a4\u673a\u5236\u7f3a\u9677\u6f0f\u6d1e"
}

CVE-2017-3198 (GCVE-0-2017-3198)

Vulnerability from cvelistv5 – Published: 2018-07-09 19:00 – Updated: 2024-08-05 14:16

Title

GIGABYTE BRIX UEFI firmware is not cryptographically signed

Summary

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.

Severity ?

No CVSS data available.

CWE

CWE-345 - Insufficient Verification of Data Authenticity

Assigner

certcc

References

URL

Tags

	https://www.kb.cert.org/vuls/id/507496	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/97294	vdb-entryx_refsource_BID
	https://www.cylance.com/en_us/blog/gigabyte-brix-…	x_refsource_MISC

Impacted products

Vendor

Product

Version

Affected: F6

Affected: F2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#507496",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/507496"
          },
          {
            "name": "97294",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97294"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GB-BSi7H-6500",
          "vendor": "GIGABYTE",
          "versions": [
            {
              "status": "affected",
              "version": "F6"
            }
          ]
        },
        {
          "product": "GB-BXi7-5775",
          "vendor": "GIGABYTE",
          "versions": [
            {
              "status": "affected",
              "version": "F2"
            }
          ]
        }
      ],
      "datePublic": "2017-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-09T18:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#507496",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/507496"
        },
        {
          "name": "97294",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97294"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GIGABYTE BRIX UEFI firmware is not cryptographically signed",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2017-3198",
          "STATE": "PUBLIC",
          "TITLE": "GIGABYTE BRIX UEFI firmware is not cryptographically signed"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GB-BSi7H-6500",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "F6",
                            "version_value": "F6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GB-BXi7-5775",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "F2",
                            "version_value": "F2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GIGABYTE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-345: Insufficient Verification of Data Authenticity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#507496",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/507496"
            },
            {
              "name": "97294",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97294"
            },
            {
              "name": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html",
              "refsource": "MISC",
              "url": "https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2017-3198",
    "datePublished": "2018-07-09T19:00:00",
    "dateReserved": "2016-12-05T00:00:00",
    "dateUpdated": "2024-08-05T14:16:28.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-04012

CVE-2017-3198 (GCVE-0-2017-3198)

Tags

Sightings

Nomenclature