Unknown
CVE-2022-30426
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2022-30426
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- altos t110 f3 firmware,
- ap130 f2 firmware,
- aspire 1600x firmware,
- aspire 1602m firmware,
- aspire 7600u firmware,
- aspire mc605 firmware,
- aspire tc-105 firmware,
- aspire tc-120 firmware,
- aspire u5-620 firmware,
- aspire x1935 firmware,
- aspire x3475 firmware,
- aspire x3995 firmware,
- aspire xc100 firmware,
- aspire xc600 firmware,
- aspire z3-615 firmware,
- veriton b630 49 firmware,
- veriton e430 firmware,
- veriton e430g firmware,
- veriton m2110g firmware,
- veriton m2120g firmware,
- veriton m2611 firmware,
- veriton m2611g firmware,
- veriton m4620 firmware,
- veriton m4620g firmware,
- veriton m6620g firmware,
- veriton n2620g firmware,
- veriton n4620g firmware,
- veriton n4630g firmware,
- veriton s6620g firmware,
- veriton x2611 firmware,
- veriton x2611g firmware,
- veriton x4620g firmware,
- veriton x6620g firmware,
- veriton z2650g firmware
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
