CVE-2022-4020
Acer Aspire BIOS vulnerability
Severity Score
8.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
Una vulnerabilidad en el controlador HQSwSmiDxe DXE en algunos dispositivos portátiles Acer de consumo puede permitir que un atacante con privilegios elevados modifique la configuración de arranque seguro UEFI modificando una variable NVRAM.
*Credits:
Martin Smolár @ ESET
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-11-16 CVE Reserved
- 2022-11-28 CVE Published
- 2024-06-20 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
- CAPEC-176: Configuration/Environment Manipulation
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Acer Search vendor "Acer" | Aspire A315-22g Firmware Search vendor "Acer" for product "Aspire A315-22g Firmware" | - | - |
Affected
| in | Acer Search vendor "Acer" | Aspire A315-22g Search vendor "Acer" for product "Aspire A315-22g" | - | - |
Safe
|
Acer Search vendor "Acer" | Aspire A115-21 Firmware Search vendor "Acer" for product "Aspire A115-21 Firmware" | - | - |
Affected
| in | Acer Search vendor "Acer" | Aspire A115-21 Search vendor "Acer" for product "Aspire A115-21" | - | - |
Safe
|
Acer Search vendor "Acer" | Aspire A315-22 Firmware Search vendor "Acer" for product "Aspire A315-22 Firmware" | - | - |
Affected
| in | Acer Search vendor "Acer" | Aspire A315-22 Search vendor "Acer" for product "Aspire A315-22" | - | - |
Safe
|
Acer Search vendor "Acer" | Extensa Ex215-21 Firmware Search vendor "Acer" for product "Extensa Ex215-21 Firmware" | - | - |
Affected
| in | Acer Search vendor "Acer" | Extensa Ex215-21 Search vendor "Acer" for product "Extensa Ex215-21" | - | - |
Safe
|
Acer Search vendor "Acer" | Extensa Ex215-21g Firmware Search vendor "Acer" for product "Extensa Ex215-21g Firmware" | - | - |
Affected
| in | Acer Search vendor "Acer" | Extensa Ex215-21g Search vendor "Acer" for product "Extensa Ex215-21g" | - | - |
Safe
|