← Back

CVE-2022-4020

nvd nist
Published: Nov 28, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.5 / Impact: 6.0
Source: NVD

Description

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

Affected (5)

Acer
5 products
Aspire A315 22g Firmware
Aspire A115 21 Firmware
Aspire A315 22 Firmware
Extensa Ex215 21 Firmware
Extensa Ex215 21g Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Aspire A315 22g Firmware
All versions
Running on/withPlatform Versions
Acer
Aspire A315 22g
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Aspire A115 21 Firmware
All versions
Running on/withPlatform Versions
Acer
Aspire A115 21
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Aspire A315 22 Firmware
All versions
Running on/withPlatform Versions
Acer
Aspire A315 22
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Extensa Ex215 21 Firmware
All versions
Running on/withPlatform Versions
Acer
Extensa Ex215 21
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Extensa Ex215 21g Firmware
All versions
Running on/withPlatform Versions
Acer
Extensa Ex215 21g
All versions

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

Source: security@eset.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.