Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
07 Nov 2023, 03:56
Type | Values Removed | Values Added |
---|---|---|
Summary | Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. |
01 Dec 2022, 20:23
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:acer:aspire_a315-22g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:acer:extensa_ex215-21:-:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_a115-21_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_a315-22:-:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_a315-22_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:acer:extensa_ex215-21g:-:*:*:*:*:*:*:* cpe:2.3:o:acer:extensa_ex215-21g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_a115-21:-:*:*:*:*:*:*:* cpe:2.3:o:acer:extensa_ex215-21_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_a315-22g:-:*:*:*:*:*:*:* |
|
CWE | CWE-276 | |
First Time |
Acer aspire A115-21 Firmware
Acer aspire A315-22 Acer aspire A315-22g Firmware Acer aspire A315-22g Acer extensa Ex215-21 Acer aspire A115-21 Acer extensa Ex215-21g Acer aspire A315-22 Firmware Acer Acer extensa Ex215-21g Firmware Acer extensa Ex215-21 Firmware |
|
References | (MISC) https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
28 Nov 2022, 13:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-28 13:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4020
Mitre link : CVE-2022-4020
CVE.ORG link : CVE-2022-4020
JSON object : View
Products Affected
acer
- extensa_ex215-21
- aspire_a315-22
- aspire_a315-22g
- extensa_ex215-21g
- aspire_a315-22g_firmware
- extensa_ex215-21g_firmware
- aspire_a115-21_firmware
- extensa_ex215-21_firmware
- aspire_a315-22_firmware
- aspire_a115-21
CWE
CWE-276
Incorrect Default Permissions