CVE-2022-21933

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 21-01-2022 10:15

Last modified: - 27-01-2022 05:30

Total changes: - 2

Description

ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=asus AND product=vc65-c1_firmware AND versionEndExcluding=1302

vendor=asus AND product=vc65-c1 AND version=-

AND

vendor=asus AND product=pb60v_firmware AND versionEndExcluding=1302

vendor=asus AND product=pb60v AND version=-

AND

vendor=asus AND product=pb60g_firmware AND versionEndExcluding=1302

vendor=asus AND product=pb60g AND version=-

AND

vendor=asus AND product=pb60s_firmware AND versionEndExcluding=1302

vendor=asus AND product=pb60s AND version=-

AND

vendor=asus AND product=pa90_firmware AND versionEndExcluding=1401

vendor=asus AND product=pa90 AND version=-

AND

vendor=asus AND product=pb50_firmware AND versionEndExcluding=902

vendor=asus AND product=pb50 AND version=-

AND

vendor=asus AND product=pb60_firmware AND versionEndExcluding=1502

vendor=asus AND product=pb60 AND version=-

AND

vendor=asus AND product=pb61v_firmware AND versionEndExcluding=601

vendor=asus AND product=pb61v AND version=-

AND

vendor=asus AND product=ts10_firmware AND versionEndExcluding=609

vendor=asus AND product=ts10 AND version=-

AND

vendor=asus AND product=pn40_firmware AND versionEndExcluding=2201

vendor=asus AND product=pn40 AND version=-

AND

vendor=asus AND product=pn60_firmware AND versionEndExcluding=808

vendor=asus AND product=pn60 AND version=-

AND

vendor=asus AND product=pn30_firmware AND versionEndExcluding=320

vendor=asus AND product=pn30 AND version=-

AND

vendor=asus AND product=un65u_firmware AND versionEndExcluding=618

vendor=asus AND product=un65u AND version=-

Reference

N/A-Third Party Advisory

Keywords

CVE-2022-21933

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-21933

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures