Description
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
References
- Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory
- Third Party Advisory, US Government Resource
- Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1
Simultaneously
cpe:2.3:o:gigabyte:gb-bsi7h-6500_firmware:f6:*:*:*:*:*:*:*
cpe:2.3:h:gigabyte:gb-bsi7h-6500:-:*:*:*:*:*:*:*
Configuration 2
Simultaneously
cpe:2.3:o:gigabyte:gb-bxi7-5775_firmware:f2:*:*:*:*:*:*:*
cpe:2.3:h:gigabyte:gb-bxi7-5775:-:*:*:*:*:*:*:*
EPSS
Score: 0.00212 (Low)
Percentile: 44%
CVSS3: 9.8 Critical
CVSS2: 10 Critical
Weaknesses
CWE-345
CWE-311
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.