CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
acer | aspire_e5-475g | - | cpe:2.3:h:acer:aspire_e5-475g:-:*:*:*:*:*:*:* |
acer | aspire_e5-475g_firmware | 1.21 | cpe:2.3:o:acer:aspire_e5-475g_firmware:1.21:*:*:*:*:*:*:* |