CVE-2022-40080 - Out-of-bounds Write vulnerability in Acer Aspire E5-475G Firmware 1.21

047910
CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, acer, CWE-787

Summary

Stack overflow vulnerability in the FpGui module of the Aspire E5-475G's BIOS firmware: a second call to the GetVariable service allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.

Vulnerable Configurations

Part      Description  Count
OS        Acer         1
Hardware  Acer         1

Common Weakness Enumeration (CWE)