ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00101.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Asus
  • Pa90
  • Pa90 Firmware
  • Pb50
  • Pb50 Firmware
  • Pb60
  • Pb60 Firmware
  • Pb60g
  • Pb60g Firmware
  • Pb60s
  • Pb60s Firmware
  • Pb60v
  • Pb60v Firmware
  • Pb61v
  • Pb61v Firmware
  • Pn30
  • Pn30 Firmware
  • Pn40
  • Pn40 Firmware
  • Pn60
  • Pn60 Firmware
  • Ts10
  • Ts10 Firmware
  • Un65u
  • Un65u Firmware
  • Vc65-c1
  • Vc65-c1 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:asus:vc65-c1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:vc65-c1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:asus:pb60v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb60v:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:asus:pb60g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb60g:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:asus:pb60s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb60s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:asus:pa90_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pa90:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:asus:pb50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb50:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:asus:pb60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb60:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:asus:pb61v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb61v:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:asus:ts10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:ts10:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:asus:pn40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pn40:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:asus:pn60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pn60:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:asus:pn30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pn30:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:asus:un65u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:un65u:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-27089 ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
Fixes

Solution

BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2024-09-16T20:06:36.122Z

Reserved: 2021-12-14T00:00:00

Link: CVE-2022-21933

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-21T09:15:06.820

Modified: 2024-11-21T06:45:44.113

Link: CVE-2022-21933

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.