Search criteria
3 vulnerabilities found for pb61v_firmware by asus
FKIE_CVE-2022-21933
Vulnerability from fkie_nvd - Published: 2022-01-21 09:15 - Updated: 2024-11-21 06:45
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
References
| URL | Tags | ||
|---|---|---|---|
| twcert@cert.org.tw | https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | vc65-c1_firmware | * | |
| asus | vc65-c1 | - | |
| asus | pb60v_firmware | * | |
| asus | pb60v | - | |
| asus | pb60g_firmware | * | |
| asus | pb60g | - | |
| asus | pb60s_firmware | * | |
| asus | pb60s | - | |
| asus | pa90_firmware | * | |
| asus | pa90 | - | |
| asus | pb50_firmware | * | |
| asus | pb50 | - | |
| asus | pb60_firmware | * | |
| asus | pb60 | - | |
| asus | pb61v_firmware | * | |
| asus | pb61v | - | |
| asus | ts10_firmware | * | |
| asus | ts10 | - | |
| asus | pn40_firmware | * | |
| asus | pn40 | - | |
| asus | pn60_firmware | * | |
| asus | pn60 | - | |
| asus | pn30_firmware | * | |
| asus | pn30 | - | |
| asus | un65u_firmware | * | |
| asus | un65u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:vc65-c1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "395B2D9B-6DFD-4AD2-BC1C-F028D9F09156",
"versionEndExcluding": "1302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:vc65-c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D95AA553-93DD-4B25-998D-1931984CAE43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pb60v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0160408D-702A-40C4-A708-577A2382061C",
"versionEndExcluding": "1302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pb60v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3819ED72-D8BA-475A-BC75-1AFDD32355CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pb60g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45E296C4-7A32-4BC4-9F43-4D6967CC9E3D",
"versionEndExcluding": "1302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pb60g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9D7121-8D3E-4B28-8BAF-FD35DA75D52F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pb60s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8E824D-F3A6-4719-B2F9-6B48D081FD3D",
"versionEndExcluding": "1302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pb60s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42187AD8-D7C0-433C-9B15-8B34854F4E44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pa90_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40112146-802E-462B-A549-F3D59B8C6A07",
"versionEndExcluding": "1401",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pa90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4331D58D-60C8-4C8D-A56E-BC673265EAFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pb50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065CAC27-8EED-4CCA-B581-7DE18B5E3679",
"versionEndExcluding": "902",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pb50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0012812A-1DCE-40DD-8333-D0D3263D4037",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pb60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D02742FD-6BE3-4168-93F8-D5D583EE16F9",
"versionEndExcluding": "1502",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pb60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3DD60D-1F92-435D-AD01-3D3D97F4C9DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pb61v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2361CDED-64D2-49B7-85F7-A9E5E0D9648D",
"versionEndExcluding": "601",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pb61v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5401FCAE-BBA0-48AF-B41A-6AA56FD69C32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ts10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D8ABFC-E97D-4534-A477-00C59CCFC4BD",
"versionEndExcluding": "609",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ts10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "770CEBE0-41C1-4946-A0E5-38426B2E55AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pn40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "926B71C7-45C0-4070-BEAB-551896043C6E",
"versionEndExcluding": "2201",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pn40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48A7EC77-C345-4976-8E71-D7D9EECCD8DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pn60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8E41C0-87D8-4E5E-A8A8-F4ED6935C283",
"versionEndExcluding": "808",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pn60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D15F380-7802-4A8E-BD79-68BC682C6E15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pn30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B92D16-649E-4565-B488-EE9081C2DE0E",
"versionEndExcluding": "320",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pn30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C527A-4216-4755-B01D-E9ED1C1E7DB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:un65u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D99FD9A8-B2D5-4CEC-8610-D0172EF5D9FA",
"versionEndExcluding": "618",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:un65u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A7D92E-2D8E-4CF5-BA4C-2AED0946F6FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
},
{
"lang": "es",
"value": "El dispositivo ASUS VivoMini/Mini PC presenta una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada. Un atacante local con privilegios de sistema puede usar la interrupci\u00f3n de administraci\u00f3n del sistema (SMI) para modificar la memoria, resultando en una ejecuci\u00f3n de c\u00f3digo arbitrario para controlar el sistema o interrumpir el servicio"
}
],
"id": "CVE-2022-21933",
"lastModified": "2024-11-21T06:45:44.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-21T09:15:06.820",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-21933 (GCVE-0-2022-21933)
Vulnerability from cvelistv5 – Published: 2022-01-21 09:05 – Updated: 2024-09-16 20:06
VLAI?
Title
ASUS VivoMini/Mini PC - improper input validation
Summary
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
Severity ?
6.7 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | VC65-C1 |
Affected:
unspecified , < 1302
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VC65-C1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60V",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60G",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60S",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PA90",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1401",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB50",
"vendor": "ASUS",
"versions": [
{
"lessThan": "902",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1502",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB61V",
"vendor": "ASUS",
"versions": [
{
"lessThan": "601",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TS10",
"vendor": "ASUS",
"versions": [
{
"lessThan": "609",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN40",
"vendor": "ASUS",
"versions": [
{
"lessThan": "2201",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN60",
"vendor": "ASUS",
"versions": [
{
"lessThan": "808",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN30",
"vendor": "ASUS",
"versions": [
{
"lessThan": "320",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "UN65U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "618",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T09:05:12",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"
}
],
"source": {
"advisory": "TVN-202201001",
"discovery": "EXTERNAL"
},
"title": "ASUS VivoMini/Mini PC - improper input validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-01-21T07:55:00.000Z",
"ID": "CVE-2022-21933",
"STATE": "PUBLIC",
"TITLE": "ASUS VivoMini/Mini PC - improper input validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VC65-C1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60V",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60G",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60S",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PA90",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1401"
}
]
}
},
{
"product_name": "PB50",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "902"
}
]
}
},
{
"product_name": "PB60",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1502"
}
]
}
},
{
"product_name": "PB61V",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "601"
}
]
}
},
{
"product_name": "TS10",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "609"
}
]
}
},
{
"product_name": "PN40",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2201"
}
]
}
},
{
"product_name": "PN60",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "808"
}
]
}
},
{
"product_name": "PN30",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "320"
}
]
}
},
{
"product_name": "UN65U",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "618"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"
}
],
"source": {
"advisory": "TVN-202201001",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-21933",
"datePublished": "2022-01-21T09:05:12.371715Z",
"dateReserved": "2021-12-14T00:00:00",
"dateUpdated": "2024-09-16T20:06:36.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21933 (GCVE-0-2022-21933)
Vulnerability from nvd – Published: 2022-01-21 09:05 – Updated: 2024-09-16 20:06
VLAI?
Title
ASUS VivoMini/Mini PC - improper input validation
Summary
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
Severity ?
6.7 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | VC65-C1 |
Affected:
unspecified , < 1302
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VC65-C1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60V",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60G",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60S",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PA90",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1401",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB50",
"vendor": "ASUS",
"versions": [
{
"lessThan": "902",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1502",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB61V",
"vendor": "ASUS",
"versions": [
{
"lessThan": "601",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TS10",
"vendor": "ASUS",
"versions": [
{
"lessThan": "609",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN40",
"vendor": "ASUS",
"versions": [
{
"lessThan": "2201",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN60",
"vendor": "ASUS",
"versions": [
{
"lessThan": "808",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN30",
"vendor": "ASUS",
"versions": [
{
"lessThan": "320",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "UN65U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "618",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T09:05:12",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"
}
],
"source": {
"advisory": "TVN-202201001",
"discovery": "EXTERNAL"
},
"title": "ASUS VivoMini/Mini PC - improper input validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-01-21T07:55:00.000Z",
"ID": "CVE-2022-21933",
"STATE": "PUBLIC",
"TITLE": "ASUS VivoMini/Mini PC - improper input validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VC65-C1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60V",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60G",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60S",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PA90",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1401"
}
]
}
},
{
"product_name": "PB50",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "902"
}
]
}
},
{
"product_name": "PB60",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1502"
}
]
}
},
{
"product_name": "PB61V",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "601"
}
]
}
},
{
"product_name": "TS10",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "609"
}
]
}
},
{
"product_name": "PN40",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2201"
}
]
}
},
{
"product_name": "PN60",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "808"
}
]
}
},
{
"product_name": "PN30",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "320"
}
]
}
},
{
"product_name": "UN65U",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "618"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"
}
],
"source": {
"advisory": "TVN-202201001",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-21933",
"datePublished": "2022-01-21T09:05:12.371715Z",
"dateReserved": "2021-12-14T00:00:00",
"dateUpdated": "2024-09-16T20:06:36.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}