{"containers": {"cna": {"affected": [{"product": "VC65-C1", "vendor": "ASUS", "versions": [{"lessThan": "1302", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PB60V", "vendor": "ASUS", "versions": [{"lessThan": "1302", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PB60G", "vendor": "ASUS", "versions": [{"lessThan": "1302", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PB60S", "vendor": "ASUS", "versions": [{"lessThan": "1302", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PA90", "vendor": "ASUS", "versions": [{"lessThan": "1401", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PB50", "vendor": "ASUS", "versions": [{"lessThan": "902", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PB60", "vendor": "ASUS", "versions": [{"lessThan": "1502", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PB61V", "vendor": "ASUS", "versions": [{"lessThan": "601", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TS10", "vendor": "ASUS", "versions": [{"lessThan": "609", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PN40", "vendor": "ASUS", "versions": [{"lessThan": "2201", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PN60", "vendor": "ASUS", "versions": [{"lessThan": "808", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "PN30", "vendor": "ASUS", "versions": [{"lessThan": "320", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "UN65U", "vendor": "ASUS", "versions": [{"lessThan": "618", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-01-21T00:00:00", "descriptions": [{"lang": "en", "value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-21T09:05:12", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"}], "solutions": [{"lang": "en", "value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"}], "source": {"advisory": "TVN-202201001", "discovery": "EXTERNAL"}, "title": "ASUS VivoMini/Mini PC - improper input validation", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2022-01-21T07:55:00.000Z", "ID": "CVE-2022-21933", "STATE": "PUBLIC", "TITLE": "ASUS VivoMini/Mini PC - improper input validation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VC65-C1", "version": {"version_data": [{"version_affected": "<", "version_value": "1302"}]}}, {"product_name": "PB60V", "version": {"version_data": [{"version_affected": "<", "version_value": "1302"}]}}, {"product_name": "PB60G", "version": {"version_data": [{"version_affected": "<", "version_value": "1302"}]}}, {"product_name": "PB60S", "version": {"version_data": [{"version_affected": "<", "version_value": "1302"}]}}, {"product_name": "PA90", "version": {"version_data": [{"version_affected": "<", "version_value": "1401"}]}}, {"product_name": "PB50", "version": {"version_data": [{"version_affected": "<", "version_value": "902"}]}}, {"product_name": "PB60", "version": {"version_data": [{"version_affected": "<", "version_value": "1502"}]}}, {"product_name": "PB61V", "version": {"version_data": [{"version_affected": "<", "version_value": "601"}]}}, {"product_name": "TS10", "version": {"version_data": [{"version_affected": "<", "version_value": "609"}]}}, {"product_name": "PN40", "version": {"version_data": [{"version_affected": "<", "version_value": "2201"}]}}, {"product_name": "PN60", "version": {"version_data": [{"version_affected": "<", "version_value": "808"}]}}, {"product_name": "PN30", "version": {"version_data": [{"version_affected": "<", "version_value": "320"}]}}, {"product_name": "UN65U", "version": {"version_data": [{"version_affected": "<", "version_value": "618"}]}}]}, "vendor_name": "ASUS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"}]}, "solution": [{"lang": "en", "value": "BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/)"}], "source": {"advisory": "TVN-202201001", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2022-21933", "datePublished": "2022-01-21T00:00:00", "dateReserved": "2021-12-14T00:00:00", "dateUpdated": "2022-01-21T09:05:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:vc65-c1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "395B2D9B-6DFD-4AD2-BC1C-F028D9F09156", "versionEndExcluding": "1302", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:vc65-c1:-:*:*:*:*:*:*:*", "matchCriteriaId": "D95AA553-93DD-4B25-998D-1931984CAE43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pb60v_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0160408D-702A-40C4-A708-577A2382061C", "versionEndExcluding": "1302", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pb60v:-:*:*:*:*:*:*:*", "matchCriteriaId": "3819ED72-D8BA-475A-BC75-1AFDD32355CE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pb60g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45E296C4-7A32-4BC4-9F43-4D6967CC9E3D", "versionEndExcluding": "1302", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pb60g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A9D7121-8D3E-4B28-8BAF-FD35DA75D52F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pb60s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D8E824D-F3A6-4719-B2F9-6B48D081FD3D", "versionEndExcluding": "1302", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pb60s:-:*:*:*:*:*:*:*", "matchCriteriaId": "42187AD8-D7C0-433C-9B15-8B34854F4E44", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pa90_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "40112146-802E-462B-A549-F3D59B8C6A07", "versionEndExcluding": "1401", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pa90:-:*:*:*:*:*:*:*", "matchCriteriaId": "4331D58D-60C8-4C8D-A56E-BC673265EAFB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pb50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "065CAC27-8EED-4CCA-B581-7DE18B5E3679", "versionEndExcluding": "902", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pb50:-:*:*:*:*:*:*:*", "matchCriteriaId": "0012812A-1DCE-40DD-8333-D0D3263D4037", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pb60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D02742FD-6BE3-4168-93F8-D5D583EE16F9", "versionEndExcluding": "1502", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pb60:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A3DD60D-1F92-435D-AD01-3D3D97F4C9DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pb61v_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2361CDED-64D2-49B7-85F7-A9E5E0D9648D", "versionEndExcluding": "601", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pb61v:-:*:*:*:*:*:*:*", "matchCriteriaId": "5401FCAE-BBA0-48AF-B41A-6AA56FD69C32", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:ts10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7D8ABFC-E97D-4534-A477-00C59CCFC4BD", "versionEndExcluding": "609", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:ts10:-:*:*:*:*:*:*:*", "matchCriteriaId": "770CEBE0-41C1-4946-A0E5-38426B2E55AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pn40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "926B71C7-45C0-4070-BEAB-551896043C6E", "versionEndExcluding": "2201", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pn40:-:*:*:*:*:*:*:*", "matchCriteriaId": "48A7EC77-C345-4976-8E71-D7D9EECCD8DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pn60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C8E41C0-87D8-4E5E-A8A8-F4ED6935C283", "versionEndExcluding": "808", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pn60:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D15F380-7802-4A8E-BD79-68BC682C6E15", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:pn30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48B92D16-649E-4565-B488-EE9081C2DE0E", "versionEndExcluding": "320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:pn30:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C3C527A-4216-4755-B01D-E9ED1C1E7DB7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:un65u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D99FD9A8-B2D5-4CEC-8610-D0172EF5D9FA", "versionEndExcluding": "618", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:un65u:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7A7D92E-2D8E-4CF5-BA4C-2AED0946F6FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service."}, {"lang": "es", "value": "El dispositivo ASUS VivoMini/Mini PC presenta una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada. Un atacante local con privilegios de sistema puede usar la interrupci\u00f3n de administraci\u00f3n del sistema (SMI) para modificar la memoria, resultando en una ejecuci\u00f3n de c\u00f3digo arbitrario para controlar el sistema o interrumpir el servicio"}], "id": "CVE-2022-21933", "lastModified": "2023-07-24T13:53:02.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2022-01-21T09:15:06.820", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}

{}