7.8
CVE-2022-21933
- EPSS 0.1%
- Veröffentlicht 21.01.2022 09:15:06
- Zuletzt bearbeitet 21.11.2024 06:45:44
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asus ≫ Vc65-c1 Firmware Version < 1302
Asus ≫ Pb60v Firmware Version < 1302
Asus ≫ Pb60g Firmware Version < 1302
Asus ≫ Pb60s Firmware Version < 1302
Asus ≫ Pa90 Firmware Version < 1401
Asus ≫ Pb50 Firmware Version < 902
Asus ≫ Pb60 Firmware Version < 1502
Asus ≫ Pb61v Firmware Version < 601
Asus ≫ Ts10 Firmware Version < 609
Asus ≫ Pn40 Firmware Version < 2201
Asus ≫ Pn60 Firmware Version < 808
Asus ≫ Pn30 Firmware Version < 320
Asus ≫ Un65u Firmware Version < 618
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.285 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| twcert@cert.org.tw | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.