Zero-day vulnerability in UEFI firmware

Embedded malicious code (backdoor)

2023-05-31

2023-06-01

Vulnerability details

Advisory: SB2023060107 - Backdoor in Gigabyte UEFI firmware

Vulnerable component: UEFI firmware

CVE-ID:

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-506 - Embedded Malicious Code

Description:

The vulnerability allows a remote attacker to gain unauthorized access to the system.

The vulnerability exists due to presence of embedded malicious functionality (aka backdoor) in the UEFI firmware that was downloaded from the official website using the Gigabyte's App Center. This allows a remote attacker to gain full control over the system.

Note, the vulnerability is being actively exploited in the wild.

External links:

https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/

https://www.gigabyte.com/Press/News/2091

About zero-day vulnerabilities

Zero-day vulnerability is an undisclosed vulnerability in software that hackers can exploit to compromise computer programs, gain unauthorized access to sensitive data, penetrate networks, etc. We consider vulnerability a zero-day when there is no solution provided from software vendor and the vulnerability is being actively exploited by malicious actors.

Zero-day candidate is a potential zero-day vulnerability in software which might have been used in targeted attacks, however there is no evidence to support this suggestion.