GSD-2022-30426
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-30426",
"id": "GSD-2022-30426"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-30426"
],
"details": "There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version \u003c= P13 (latest) and AP130 F2 firmware version \u003c= P04 (latest) and Aspire 1600X firmware version \u003c= P11.A3L (latest) and Aspire 1602M firmware version \u003c= P11.A3L (latest) and Aspire 7600U firmware version \u003c= P11.A4 (latest) and Aspire MC605 firmware version \u003c= P11.A4L (latest) and Aspire TC-105 firmware version \u003c= P12.B0L (latest) and Aspire TC-120 firmware version \u003c= P11-A4 (latest) and Aspire U5-620 firmware version \u003c= P11.A1 (latest) and Aspire X1935 firmware version \u003c= P11.A3L (latest) and Aspire X3475 firmware version \u003c= P11.A3L (latest) and Aspire X3995 firmware version \u003c= P11.A3L (latest) and Aspire XC100 firmware version \u003c= P11.B3 (latest) and Aspire XC600 firmware version \u003c= P11.A4 (latest) and Aspire Z3-615 firmware version \u003c= P11.A2L (latest) and Veriton E430G firmware version \u003c= P21.A1 (latest) and Veriton B630_49 firmware version \u003c= AAP02SR (latest) and Veriton E430 firmware version \u003c= P11.A4 (latest) and Veriton M2110G firmware version \u003c= P21.A3 (latest) and Veriton M2120G fir.",
"id": "GSD-2022-30426",
"modified": "2023-12-13T01:19:36.613306Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version \u003c= P13 (latest) and AP130 F2 firmware version \u003c= P04 (latest) and Aspire 1600X firmware version \u003c= P11.A3L (latest) and Aspire 1602M firmware version \u003c= P11.A3L (latest) and Aspire 7600U firmware version \u003c= P11.A4 (latest) and Aspire MC605 firmware version \u003c= P11.A4L (latest) and Aspire TC-105 firmware version \u003c= P12.B0L (latest) and Aspire TC-120 firmware version \u003c= P11-A4 (latest) and Aspire U5-620 firmware version \u003c= P11.A1 (latest) and Aspire X1935 firmware version \u003c= P11.A3L (latest) and Aspire X3475 firmware version \u003c= P11.A3L (latest) and Aspire X3995 firmware version \u003c= P11.A3L (latest) and Aspire XC100 firmware version \u003c= P11.B3 (latest) and Aspire XC600 firmware version \u003c= P11.A4 (latest) and Aspire Z3-615 firmware version \u003c= P11.A2L (latest) and Veriton E430G firmware version \u003c= P21.A1 (latest) and Veriton B630_49 firmware version \u003c= AAP02SR (latest) and Veriton E430 firmware version \u003c= P11.A4 (latest) and Veriton M2110G firmware version \u003c= P21.A3 (latest) and Veriton M2120G fir."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://acer.com",
"refsource": "MISC",
"url": "http://acer.com"
},
{
"name": "http://altos.com",
"refsource": "MISC",
"url": "http://altos.com"
},
{
"name": "https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md",
"refsource": "MISC",
"url": "https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:altos_t110_f3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:altos_t110_f3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:ap130_f2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:ap130_f2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_1600x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a3l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_1600x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_1602m_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a3l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_1602m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_7600u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_7600u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_mc605_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a4l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_mc605:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_tc-105_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p12.b0l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_tc-105:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_tc-120_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11-a4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_tc-120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_u5-620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_u5-620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_x1935_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a3l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_x1935:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_x3475_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a3l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_x3475:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_x3995_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a3l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_x3995:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_xc100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.b3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_xc100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_xc600_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_xc600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:aspire_z3-615_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a2l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:aspire_z3-615:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_b630_49_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "aap02sr",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_b630_49:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_e430g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p21.a1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_e430g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_e430_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_e430:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_m2110g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p21.a3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_m2110g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_m2120g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11-a3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_m2120g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_m2611g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11-b0l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_m2611g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_m2611_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.b0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_m2611:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_m4620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p21.a3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_m4620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_m4620g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p21.a3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_m4620g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_m6620g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p21.a0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_m6620g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_n2620g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p21.b0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_n2620g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_n4620g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a2l",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_n4620g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_n4630g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p21.b0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_n4630g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_s6620g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_s6620g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_x2611g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_x2611g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_x2611_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_x2611:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_x4620g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_x4620g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_x6620g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p11.a3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_x6620g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:acer:veriton_z2650g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "p21.a1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:acer:veriton_z2650g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30426"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version \u003c= P13 (latest) and AP130 F2 firmware version \u003c= P04 (latest) and Aspire 1600X firmware version \u003c= P11.A3L (latest) and Aspire 1602M firmware version \u003c= P11.A3L (latest) and Aspire 7600U firmware version \u003c= P11.A4 (latest) and Aspire MC605 firmware version \u003c= P11.A4L (latest) and Aspire TC-105 firmware version \u003c= P12.B0L (latest) and Aspire TC-120 firmware version \u003c= P11-A4 (latest) and Aspire U5-620 firmware version \u003c= P11.A1 (latest) and Aspire X1935 firmware version \u003c= P11.A3L (latest) and Aspire X3475 firmware version \u003c= P11.A3L (latest) and Aspire X3995 firmware version \u003c= P11.A3L (latest) and Aspire XC100 firmware version \u003c= P11.B3 (latest) and Aspire XC600 firmware version \u003c= P11.A4 (latest) and Aspire Z3-615 firmware version \u003c= P11.A2L (latest) and Veriton E430G firmware version \u003c= P21.A1 (latest) and Veriton B630_49 firmware version \u003c= AAP02SR (latest) and Veriton E430 firmware version \u003c= P11.A4 (latest) and Veriton M2110G firmware version \u003c= P21.A3 (latest) and Veriton M2120G fir."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md"
},
{
"name": "http://altos.com",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "http://altos.com"
},
{
"name": "http://acer.com",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://acer.com"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-09-26T14:35Z",
"publishedDate": "2022-09-23T00:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…