FKIE_CVE-2022-21933

Vulnerability from fkie_nvd - Published: 2022-01-21 09:15 - Updated: 2024-11-21 06:45
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
References
twcert@cert.org.twhttps://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.htmlThird Party Advisory
Impacted products
Vendor Product Version
asus vc65-c1_firmware *
asus vc65-c1 -
asus pb60v_firmware *
asus pb60v -
asus pb60g_firmware *
asus pb60g -
asus pb60s_firmware *
asus pb60s -
asus pa90_firmware *
asus pa90 -
asus pb50_firmware *
asus pb50 -
asus pb60_firmware *
asus pb60 -
asus pb61v_firmware *
asus pb61v -
asus ts10_firmware *
asus ts10 -
asus pn40_firmware *
asus pn40 -
asus pn60_firmware *
asus pn60 -
asus pn30_firmware *
asus pn30 -
asus un65u_firmware *
asus un65u -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:vc65-c1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "395B2D9B-6DFD-4AD2-BC1C-F028D9F09156",
              "versionEndExcluding": "1302",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:vc65-c1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95AA553-93DD-4B25-998D-1931984CAE43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pb60v_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0160408D-702A-40C4-A708-577A2382061C",
              "versionEndExcluding": "1302",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pb60v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3819ED72-D8BA-475A-BC75-1AFDD32355CE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pb60g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E296C4-7A32-4BC4-9F43-4D6967CC9E3D",
              "versionEndExcluding": "1302",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pb60g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9D7121-8D3E-4B28-8BAF-FD35DA75D52F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pb60s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D8E824D-F3A6-4719-B2F9-6B48D081FD3D",
              "versionEndExcluding": "1302",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pb60s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42187AD8-D7C0-433C-9B15-8B34854F4E44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pa90_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40112146-802E-462B-A549-F3D59B8C6A07",
              "versionEndExcluding": "1401",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pa90:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4331D58D-60C8-4C8D-A56E-BC673265EAFB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pb50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "065CAC27-8EED-4CCA-B581-7DE18B5E3679",
              "versionEndExcluding": "902",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pb50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0012812A-1DCE-40DD-8333-D0D3263D4037",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pb60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02742FD-6BE3-4168-93F8-D5D583EE16F9",
              "versionEndExcluding": "1502",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pb60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3DD60D-1F92-435D-AD01-3D3D97F4C9DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pb61v_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2361CDED-64D2-49B7-85F7-A9E5E0D9648D",
              "versionEndExcluding": "601",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pb61v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5401FCAE-BBA0-48AF-B41A-6AA56FD69C32",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:ts10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D8ABFC-E97D-4534-A477-00C59CCFC4BD",
              "versionEndExcluding": "609",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:ts10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "770CEBE0-41C1-4946-A0E5-38426B2E55AC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pn40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "926B71C7-45C0-4070-BEAB-551896043C6E",
              "versionEndExcluding": "2201",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pn40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A7EC77-C345-4976-8E71-D7D9EECCD8DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pn60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8E41C0-87D8-4E5E-A8A8-F4ED6935C283",
              "versionEndExcluding": "808",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pn60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D15F380-7802-4A8E-BD79-68BC682C6E15",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:pn30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B92D16-649E-4565-B488-EE9081C2DE0E",
              "versionEndExcluding": "320",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:pn30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3C527A-4216-4755-B01D-E9ED1C1E7DB7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:un65u_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99FD9A8-B2D5-4CEC-8610-D0172EF5D9FA",
              "versionEndExcluding": "618",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:un65u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A7D92E-2D8E-4CF5-BA4C-2AED0946F6FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
    },
    {
      "lang": "es",
      "value": "El dispositivo ASUS VivoMini/Mini PC presenta una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada. Un atacante local con privilegios de sistema puede usar la interrupci\u00f3n de administraci\u00f3n del sistema (SMI) para modificar la memoria, resultando en una ejecuci\u00f3n de c\u00f3digo arbitrario para controlar el sistema o interrumpir el servicio"
    }
  ],
  "id": "CVE-2022-21933",
  "lastModified": "2024-11-21T06:45:44.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "twcert@cert.org.tw",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-21T09:15:06.820",
  "references": [
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
    }
  ],
  "sourceIdentifier": "twcert@cert.org.tw",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "twcert@cert.org.tw",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.