7.8
CVE-2022-21933
- EPSS 0.05%
- Published 21.01.2022 09:15:06
- Last modified 21.11.2024 06:45:44
- Source twcert@cert.org.tw
- Teams watchlist Login
- Open Login
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
Data is provided by the National Vulnerability Database (NVD)
Asus ≫ Vc65-c1 Firmware Version < 1302
Asus ≫ Pb60v Firmware Version < 1302
Asus ≫ Pb60g Firmware Version < 1302
Asus ≫ Pb60s Firmware Version < 1302
Asus ≫ Pa90 Firmware Version < 1401
Asus ≫ Pb50 Firmware Version < 902
Asus ≫ Pb60 Firmware Version < 1502
Asus ≫ Pb61v Firmware Version < 601
Asus ≫ Ts10 Firmware Version < 609
Asus ≫ Pn40 Firmware Version < 2201
Asus ≫ Pn60 Firmware Version < 808
Asus ≫ Pn30 Firmware Version < 320
Asus ≫ Un65u Firmware Version < 618
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.154 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| twcert@cert.org.tw | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.