CVE-2022-21933

Published: Jan 21, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

Affected (13)

Products: Asus: Vc65 C1 Firmware, Pb60v Firmware, Pb60g Firmware, Pb60s Firmware, Pa90 Firmware, Pb50 Firmware, Pb60 Firmware, Pb61v Firmware, Ts10 Firmware, Pn40 Firmware, Pn60 Firmware, Pn30 Firmware, Un65u Firmware

13 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Vc65 C1 Firmware	Before 1302

Running on/with	Platform Versions
Asus Vc65 C1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pb60v Firmware	Before 1302

Running on/with	Platform Versions
Asus Pb60v	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pb60g Firmware	Before 1302

Running on/with	Platform Versions
Asus Pb60g	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pb60s Firmware	Before 1302

Running on/with	Platform Versions
Asus Pb60s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pa90 Firmware	Before 1401

Running on/with	Platform Versions
Asus Pa90	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pb50 Firmware	Before 902

Running on/with	Platform Versions
Asus Pb50	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pb60 Firmware	Before 1502

Running on/with	Platform Versions
Asus Pb60	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pb61v Firmware	Before 601

Running on/with	Platform Versions
Asus Pb61v	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Ts10 Firmware	Before 609

Running on/with	Platform Versions
Asus Ts10	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pn40 Firmware	Before 2201

Running on/with	Platform Versions
Asus Pn40	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pn60 Firmware	Before 808

Running on/with	Platform Versions
Asus Pn60	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Pn30 Firmware	Before 320

Running on/with	Platform Versions
Asus Pn30	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Un65u Firmware	Before 618

Running on/with	Platform Versions
Asus Un65u	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.