Vulnerability Description
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asus | Vc65-C1 Firmware | < 1302 |
| Asus | Vc65-C1 | - |
| Asus | Pb60V Firmware | < 1302 |
| Asus | Pb60V | - |
| Asus | Pb60G Firmware | < 1302 |
| Asus | Pb60G | - |
| Asus | Pb60S Firmware | < 1302 |
| Asus | Pb60S | - |
| Asus | Pa90 Firmware | < 1401 |
| Asus | Pa90 | - |
| Asus | Pb50 Firmware | < 902 |
| Asus | Pb50 | - |
| Asus | Pb60 Firmware | < 1502 |
| Asus | Pb60 | - |
| Asus | Pb61V Firmware | < 601 |
| Asus | Pb61V | - |
| Asus | Ts10 Firmware | < 609 |
| Asus | Ts10 | - |
| Asus | Pn40 Firmware | < 2201 |
| Asus | Pn40 | - |
Related Weaknesses (CWE)
References
- https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.htmlThird Party Advisory
FAQ
What is CVE-2022-21933?
CVE-2022-21933 is a vulnerability with a CVSS score of 6.7 (MEDIUM). ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary c...
How severe is CVE-2022-21933?
CVE-2022-21933 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-21933?
Check the references section above for vendor advisories and patch information. Affected products include: Asus Vc65-C1 Firmware, Asus Vc65-C1, Asus Pb60V Firmware, Asus Pb60V, Asus Pb60G Firmware.