Search criteria
3 vulnerabilities found for PA90 by ASUS
VAR-202201-1903
Vulnerability from variot - Updated: 2024-11-23 22:10ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service. (DoS) It may be in a state. ASUS VivoMini/Mini PC is an ultra-thin and small mini-computer from Taiwan-based ASUS (ASUS)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-1903",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pb60",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "1502"
},
{
"model": "pb60s",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "1302"
},
{
"model": "pb60g",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "1302"
},
{
"model": "pb50",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "902"
},
{
"model": "vc65-c1",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "1302"
},
{
"model": "pn60",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "808"
},
{
"model": "pb61v",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "601"
},
{
"model": "pn40",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "2201"
},
{
"model": "pb60v",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "1302"
},
{
"model": "pa90",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "1401"
},
{
"model": "un65u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "618"
},
{
"model": "ts10",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "609"
},
{
"model": "pn30",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "320"
},
{
"model": "pb60",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "pb60g",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "pb60s",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "pn40",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "pb50",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "ts10",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "pb61v",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "pb60v",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "vc65-c1",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "pa90",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "vivomini/mini pc",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"db": "NVD",
"id": "CVE-2022-21933"
}
]
},
"cve": "CVE-2022-21933",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-21933",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-08158",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-21933",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "twcert@cert.org.tw",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2022-21933",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-21933",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-21933",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "twcert@cert.org.tw",
"id": "CVE-2022-21933",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-21933",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-08158",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2132",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-21933",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08158"
},
{
"db": "VULMON",
"id": "CVE-2022-21933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2132"
},
{
"db": "NVD",
"id": "CVE-2022-21933"
},
{
"db": "NVD",
"id": "CVE-2022-21933"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service. (DoS) It may be in a state. ASUS VivoMini/Mini PC is an ultra-thin and small mini-computer from Taiwan-based ASUS (ASUS)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"db": "CNVD",
"id": "CNVD-2022-08158"
},
{
"db": "VULMON",
"id": "CVE-2022-21933"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21933",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003871",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-08158",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2132",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-21933",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08158"
},
{
"db": "VULMON",
"id": "CVE-2022-21933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2132"
},
{
"db": "NVD",
"id": "CVE-2022-21933"
}
]
},
"id": "VAR-202201-1903",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08158"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08158"
}
]
},
"last_update_date": "2024-11-23T22:10:55.027000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
},
{
"title": "Patch for ASUS VivoMini/Mini PC Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/316996"
},
{
"title": "ASUS VivoMini/Mini PC Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183798"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08158"
},
{
"db": "VULMON",
"id": "CVE-2022-21933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2132"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"db": "NVD",
"id": "CVE-2022-21933"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21933"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08158"
},
{
"db": "VULMON",
"id": "CVE-2022-21933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2132"
},
{
"db": "NVD",
"id": "CVE-2022-21933"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-08158"
},
{
"db": "VULMON",
"id": "CVE-2022-21933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2132"
},
{
"db": "NVD",
"id": "CVE-2022-21933"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08158"
},
{
"date": "2022-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-21933"
},
{
"date": "2023-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"date": "2022-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2132"
},
{
"date": "2022-01-21T09:15:06.820000",
"db": "NVD",
"id": "CVE-2022-21933"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08158"
},
{
"date": "2023-07-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-21933"
},
{
"date": "2023-03-10T02:01:00",
"db": "JVNDB",
"id": "JVNDB-2022-003871"
},
{
"date": "2023-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2132"
},
{
"date": "2024-11-21T06:45:44.113000",
"db": "NVD",
"id": "CVE-2022-21933"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2132"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS\u00a0VivoMini/Mini\u00a0PC\u00a0 Vulnerability related to input validation in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003871"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2132"
}
],
"trust": 0.6
}
}
CVE-2022-21933 (GCVE-0-2022-21933)
Vulnerability from nvd – Published: 2022-01-21 09:05 – Updated: 2024-09-16 20:06
VLAI?
Title
ASUS VivoMini/Mini PC - improper input validation
Summary
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
Severity ?
6.7 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | VC65-C1 |
Affected:
unspecified , < 1302
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2022-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VC65-C1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60V",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60G",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60S",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PA90",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1401",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB50",
"vendor": "ASUS",
"versions": [
{
"lessThan": "902",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1502",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB61V",
"vendor": "ASUS",
"versions": [
{
"lessThan": "601",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TS10",
"vendor": "ASUS",
"versions": [
{
"lessThan": "609",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN40",
"vendor": "ASUS",
"versions": [
{
"lessThan": "2201",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN60",
"vendor": "ASUS",
"versions": [
{
"lessThan": "808",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN30",
"vendor": "ASUS",
"versions": [
{
"lessThan": "320",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "UN65U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "618",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T09:05:12.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"
}
],
"source": {
"advisory": "TVN-202201001",
"discovery": "EXTERNAL"
},
"title": "ASUS VivoMini/Mini PC - improper input validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-01-21T07:55:00.000Z",
"ID": "CVE-2022-21933",
"STATE": "PUBLIC",
"TITLE": "ASUS VivoMini/Mini PC - improper input validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VC65-C1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60V",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60G",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60S",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PA90",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1401"
}
]
}
},
{
"product_name": "PB50",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "902"
}
]
}
},
{
"product_name": "PB60",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1502"
}
]
}
},
{
"product_name": "PB61V",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "601"
}
]
}
},
{
"product_name": "TS10",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "609"
}
]
}
},
{
"product_name": "PN40",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2201"
}
]
}
},
{
"product_name": "PN60",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "808"
}
]
}
},
{
"product_name": "PN30",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "320"
}
]
}
},
{
"product_name": "UN65U",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "618"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"
}
],
"source": {
"advisory": "TVN-202201001",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-21933",
"datePublished": "2022-01-21T09:05:12.371Z",
"dateReserved": "2021-12-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:06:36.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21933 (GCVE-0-2022-21933)
Vulnerability from cvelistv5 – Published: 2022-01-21 09:05 – Updated: 2024-09-16 20:06
VLAI?
Title
ASUS VivoMini/Mini PC - improper input validation
Summary
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
Severity ?
6.7 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | VC65-C1 |
Affected:
unspecified , < 1302
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2022-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VC65-C1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60V",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60G",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60S",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1302",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PA90",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1401",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB50",
"vendor": "ASUS",
"versions": [
{
"lessThan": "902",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB60",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1502",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PB61V",
"vendor": "ASUS",
"versions": [
{
"lessThan": "601",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TS10",
"vendor": "ASUS",
"versions": [
{
"lessThan": "609",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN40",
"vendor": "ASUS",
"versions": [
{
"lessThan": "2201",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN60",
"vendor": "ASUS",
"versions": [
{
"lessThan": "808",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PN30",
"vendor": "ASUS",
"versions": [
{
"lessThan": "320",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "UN65U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "618",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T09:05:12.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"
}
],
"source": {
"advisory": "TVN-202201001",
"discovery": "EXTERNAL"
},
"title": "ASUS VivoMini/Mini PC - improper input validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-01-21T07:55:00.000Z",
"ID": "CVE-2022-21933",
"STATE": "PUBLIC",
"TITLE": "ASUS VivoMini/Mini PC - improper input validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VC65-C1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60V",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60G",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PB60S",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1302"
}
]
}
},
{
"product_name": "PA90",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1401"
}
]
}
},
{
"product_name": "PB50",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "902"
}
]
}
},
{
"product_name": "PB60",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1502"
}
]
}
},
{
"product_name": "PB61V",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "601"
}
]
}
},
{
"product_name": "TS10",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "609"
}
]
}
},
{
"product_name": "PN40",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2201"
}
]
}
},
{
"product_name": "PN60",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "808"
}
]
}
},
{
"product_name": "PN30",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "320"
}
]
}
},
{
"product_name": "UN65U",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "618"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"
}
],
"source": {
"advisory": "TVN-202201001",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-21933",
"datePublished": "2022-01-21T09:05:12.371Z",
"dateReserved": "2021-12-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:06:36.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}