CVE-2024-8105

MEDIUM

Acer vz2694g, Aspire S 27, Aspire S32-1856, Aspire XC-1710 - Insecure Platform Key Usage

Title source: llm
STIX 2.1

Description

A vulnerability exists in UEFI implementations that use a hard-coded software-based Platform Key (PK). An attacker in possession of the corresponding PK private key can sign arbitrary UEFI executables or firmware components, causing them to be trusted by affected systems and potentially bypassing UEFI Secure Boot trust validation.

Scores

CVSS v3 6.4
EPSS 0.0024
EPSS Percentile 15.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

Status published
Products (50)
Acer/altos r680 f4 a2679a9595a104d70bddc024dbc4f65f0dc9d906f30a0d1ae6b996b14246a6c2
Acer/altos r680s f4 e5fdaabf11b236c5c7b040d674936e84db746a180ab9999317e16dcb77aeeba4
Acer/aspire c22-1600 d938d08543d35d4249a51057c1d9c62bb1f6440af19913c5feffcea47dd3de95
Acer/aspire s 27 2bd2bfaf79a72eaca45e544e5c6a5bb842b292bdc229b8975b3101a4013e0d5f
Acer/aspire s32-1856 29837e239487cc83818a7f40f9280d9692a50376487899edd603494b0f30e4c5
Acer/aspire xc-1710 cdaa406bda1a58fbe9933622dec218a26f79871d42f0d3576fbf878e51a16201
Acer/c24-1655 399f68dc94a6c42030efcd57fd034ff721f860b7b5d447779e7a6a6c99aba34f
Acer/c24-962 3d525f96f63995c51ab1bcd2c50ebb71661ffeca9f78f97cc97e851d0e2bbbdd
Acer/vz2694g d61d0e09d008bfb29bc32532b1b94fcc4ee2af5e8372c6d38722a4e73ecc71d6
Aopen/iAPLx-DE(TAA30 TEST) 94c6f84946db100b505af8a308f69ef6cddc2e310b50641a6e2e63bc9aed54e0
... and 40 more
Published Aug 26, 2024
Tracked Since Feb 18, 2026