Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.
References
Link | Resource |
---|---|
https://acer.com/ | Not Applicable |
https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-40080/CVE-2022-40080.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
24 Feb 2023, 20:40
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CPE | cpe:2.3:o:acer:aspire_e5-475g_firmware:1.21:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_e5-475g:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Acer
Acer aspire E5-475g Firmware Acer aspire E5-475g |
|
References | (MISC) https://acer.com/ - Not Applicable | |
References | (MISC) https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-40080/CVE-2022-40080.md - Exploit, Third Party Advisory |
16 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-16 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40080
Mitre link : CVE-2022-40080
CVE.ORG link : CVE-2022-40080
JSON object : View
Products Affected
acer
- aspire_e5-475g_firmware
- aspire_e5-475g
CWE
CWE-787
Out-of-bounds Write