NVD:CVE-2022-40080
History: Feb 16, 2023 - 8:15 p.m.

CVE-2022-40080

2023-02-16 20:15:15
CWE-787
web.nvd.nist.gov
stack overflow
aspire e5-475g
bios
firmware
fpgui module
getvariable services
local attackers
arbitrary code
uefi dxe phase
escalated privileges

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 5.1%

Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.

Affected configurations

Nvd
Node
acer aspire_e5-475g, Match: -
AND
acer aspire_e5-475g_firmware, Match: 1.21

Vendor | Product | Version | CPE
acer | aspire_e5-475g | - | cpe:2.3:h:acer:aspire_e5-475g:-:*:*:*:*:*:*:*
acer | aspire_e5-475g_firmware | 1.21 | cpe:2.3:o:acer:aspire_e5-475g_firmware:1.21:*:*:*:*:*:*:*

