admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-40xx/CVE-2022-4020.json
cad-safe-bot db95377d9f Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00

229 lines
6.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-4020",
"sourceIdentifier": "security@eset.com",
"published": "2022-11-28T13:15:10.180",
"lastModified": "2023-11-07T03:56:42.807",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the\u00a0HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad en el controlador HQSwSmiDxe DXE en algunos dispositivos port\u00e1tiles Acer de consumo puede permitir que un atacante con privilegios elevados modifique la configuraci\u00f3n de arranque seguro UEFI modificando una variable NVRAM."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
},
{
"source": "security@eset.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "security@eset.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:acer:aspire_a315-22g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF67F568-6A74-4789-B59A-FFE5D03EF0E6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:acer:aspire_a315-22g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A638EBAC-1449-4FE2-BBF9-59517E4D4671"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:acer:aspire_a115-21_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEBF1F1-34CA-4449-A593-FA0D9C4B3BF2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:acer:aspire_a115-21:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7938F2-00F7-470E-B442-F276D175A4FA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:acer:aspire_a315-22_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4C05A5-A52F-4115-B0EB-D445E0EA48AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:acer:aspire_a315-22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4616CD-F646-4E62-964E-773A5FDA0507"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:acer:extensa_ex215-21_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28620492-E1FD-4A25-9329-F9987FD75723"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:acer:extensa_ex215-21:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B5C395-7349-407C-BD81-9D6D2927F8D5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:acer:extensa_ex215-21g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0557639F-127A-42FE-B5CF-08F3E0A5A296"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:acer:extensa_ex215-21g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CD41DC-094E-4765-A234-12CEED5C586C"
}
]
}
]
}
],
"references": [
{
"url": "https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings",
"source": "security@eset.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink