History: Nov 28, 2022 - 1:15 p.m.

CVE-2022-4020

2022-11-28 13:15:10
CWE-276
ESET
web.nvd.nist.gov
cve-2022-4020
vulnerability
hqswsmidxe
dxe driver
acer notebook
uefi secure boot
nvram variable

CVSS3: 8.2

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score: 8
Confidence: High

EPSS: 0
Percentile: 12.6%

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

Affected configurations

NVD

Node: acer aspire_a315-22g_firmware (match: -) AND acer aspire_a315-22g (match: -)
Node: acer aspire_a115-21_firmware (match: -) AND acer aspire_a115-21 (match: -)
Node: acer aspire_a315-22_firmware (match: -) AND acer aspire_a315-22 (match: -)
Node: acer extensa_ex215-21_firmware (match: -) AND acer extensa_ex215-21 (match: -)
Node: acer extensa_ex215-21g_firmware (match: -) AND acer extensa_ex215-21g (match: -)

Vendor | Product | Version | CPE
acer | aspire_a315-22g_firmware | - | cpe:2.3:o:acer:aspire_a315-22g_firmware:-:*:*:*:*:*:*:*
acer | aspire_a315-22g | - | cpe:2.3:h:acer:aspire_a315-22g:-:*:*:*:*:*:*:*
acer | aspire_a115-21_firmware | - | cpe:2.3:o:acer:aspire_a115-21_firmware:-:*:*:*:*:*:*:*
acer | aspire_a115-21 | - | cpe:2.3:h:acer:aspire_a115-21:-:*:*:*:*:*:*:*
acer | aspire_a315-22_firmware | - | cpe:2.3:o:acer:aspire_a315-22_firmware:-:*:*:*:*:*:*:*
acer | aspire_a315-22 | - | cpe:2.3:h:acer:aspire_a315-22:-:*:*:*:*:*:*:*
acer | extensa_ex215-21_firmware | - | cpe:2.3:o:acer:extensa_ex215-21_firmware:-:*:*:*:*:*:*:*
acer | extensa_ex215-21 | - | cpe:2.3:h:acer:extensa_ex215-21:-:*:*:*:*:*:*:*
acer | extensa_ex215-21g_firmware | - | cpe:2.3:o:acer:extensa_ex215-21g_firmware:-:*:*:*:*:*:*:*
acer | extensa_ex215-21g | - | cpe:2.3:h:acer:extensa_ex215-21g:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "BIOS/firmware"
    ],
    "product": "Aspire A315-22",
    "vendor": "Acer",
    "versions": [
      {
        "lessThan": "1.11",
        "status": "affected",
        "version": "1.04",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "BIOS/firmware"
    ],
    "product": "Aspire A115-21",
    "vendor": "Acer",
    "versions": [
      {
        "lessThan": "1.11",
        "status": "affected",
        "version": "1.04",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "BIOS/firmware"
    ],
    "product": "Aspire A315-22G",
    "vendor": "Acer",
    "versions": [
      {
        "lessThan": "1.11",
        "status": "affected",
        "version": "1.04",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "BIOS/firmware"
    ],
    "product": "Extensa EX215-21",
    "vendor": "Acer",
    "versions": [
      {
        "lessThan": "1.11",
        "status": "affected",
        "version": "1.04",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "BIOS/firmware"
    ],
    "product": "Extensa EX215-21G",
    "vendor": "Acer",
    "versions": [
      {
        "lessThan": "1.11",
        "status": "affected",
        "version": "1.04",
        "versionType": "custom"
      }
    ]
  }
]
