Lucene search

[email protected]CVE-2022-40080

HistoryFeb 16, 2023 - 8:15 p.m.

CVE-2022-40080

2023-02-1620:15:15

CWE-787

[email protected]

web.nvd.nist.gov

cve

2022

40080

stack overflow

vulnerability

aspire e5-475g

bios firmware

local attackers

arbitrary code

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.

Affected configurations

NVD

Node

aceraspire_e5-475gMatch-

AND

aceraspire_e5-475g_firmwareMatch1.21

CPENameOperatorVersion
acer:aspire_e5-475g_firmwareacer aspire e5-475g firmwareeq1.21

CPE	Name	Operator	Version
acer:aspire_e5-475g_firmware	acer aspire e5-475g firmware	eq	1.21

References

acer.com/

github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-40080/CVE-2022-40080.md

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-40080

prion1 cvelist1 nvd1