Vulnerability details
Advisory: SB2023060107 - Backdoor in Gigabyte UEFI firmware
Vulnerable component: UEFI firmware
CVE-ID:
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-506 - Embedded Malicious Code
Description:
The vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to presence of embedded malicious functionality (aka backdoor) in the UEFI firmware that was downloaded from the official website using the Gigabyte's App Center. This allows a remote attacker to gain full control over the system.
Note, the vulnerability is being actively exploited in the wild.