ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00101.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Asus Subscribe
Pa90 Subscribe
Pa90 Firmware Subscribe
Pb50 Subscribe
Pb50 Firmware Subscribe
Pb60 Subscribe
Pb60 Firmware Subscribe
Pb60g Subscribe
Pb60g Firmware Subscribe
Pb60s Subscribe
Pb60s Firmware Subscribe
Pb60v Subscribe
Pb60v Firmware Subscribe
Pb61v Subscribe
Pb61v Firmware Subscribe
Pn30 Subscribe
Pn30 Firmware Subscribe
Pn40 Subscribe
Pn40 Firmware Subscribe
Pn60 Subscribe
Pn60 Firmware Subscribe
Ts10 Subscribe
Ts10 Firmware Subscribe
Un65u Subscribe
Un65u Firmware Subscribe
Vc65-c1 Subscribe
Vc65-c1 Firmware Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:asus:vc65-c1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:vc65-c1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:asus:pb60v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb60v:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:asus:pb60g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb60g:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:asus:pb60s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb60s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:asus:pa90_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pa90:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:asus:pb50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb50:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:asus:pb60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb60:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:asus:pb61v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pb61v:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:asus:ts10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:ts10:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:asus:pn40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pn40:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:asus:pn60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pn60:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:asus:pn30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:pn30:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:asus:un65u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:un65u:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-27089 ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
Fixes

Solution

BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2024-09-16T20:06:36.122Z

Reserved: 2021-12-14T00:00:00

Link: CVE-2022-21933

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-21T09:15:06.820

Modified: 2024-11-21T06:45:44.113

Link: CVE-2022-21933

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses