CVE-2017-3198
09.07.2018, 19:29
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration
- CWE-345 - Insufficient Verification of Data AuthenticityThe software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
- CWE-311 - Missing Encryption of Sensitive DataThe software does not encrypt sensitive or critical information before storage or transmission.
References