CVEs-PoC/2017/CVE-2017-3197.md

### [CVE-2017-3197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3197)
![](https://img.shields.io/static/v1?label=Product&message=GB-BSi7H-6500&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=GB-BXi7-5775&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=F2F2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=F6F6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-693%3A%20Protection%20Mechanism%20Failure&color=brighgreen)

### Description

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.

### POC

#### Reference
- https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2017-01-002.md
- https://www.cylance.com/en_us/blog/gigabyte-brix-systems-vulnerabilities.html
- https://www.kb.cert.org/vuls/id/507496

#### Github
No PoCs found on GitHub currently.