CVE-2022-4020
8.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H
Summary
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Acer | Aspire A315-22 | 1.04 < 1.11 | affected |
| Acer | Aspire A115-21 | 1.04 < 1.11 | affected |
| Acer | Aspire A315-22G | 1.04 < 1.11 | affected |
| Acer | Extensa EX215-21 | 1.04 < 1.11 | affected |
| Acer | Extensa EX215-21G | 1.04 < 1.11 | affected |
Weaknesses
- CWE-276: CWE-276 Incorrect Default Permissions
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.