CVE-2017-3198
CRITICAL | EXPLOITED IN THE WILD | RANSOMWARE
GIGABYTE BRIX GB-BSi7H-6500 and GB-BXi7-5775 Firmware - Insufficient Firmware Image Verification
Title source: llm
Exploitation Summary
CVE-2017-3198 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns.
Description
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
References (3)
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/507496
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97294
Exploit, Third Party Advisory x_refsource_misc
https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html
Scores
CVSS v3: 9.8
EPSS: 0.0160
EPSS Percentile: 72.5%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV: 2017-03-31
InTheWild.io: 2022-02-01
Ransomware Use: Confirmed
CWE: CWE-345, CWE-311, CWE-347
Status: published
Products (2)
gigabyte/gb-bsi7h-6500_firmware: f6
gigabyte/gb-bxi7-5775_firmware: f2
Published: Jul 09, 2018
Tracked Since: Feb 18, 2026