Insecure Firmware Update Process in GIGABYTE BRIX UEFI

Insecure Firmware Update Process in GIGABYTE BRIX UEFI

CVE-2017-3198 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.

Learn more about our Web Application Penetration Testing UK.