Vulnerability Details CVE-2022-21933
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.1%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
References
Products affected by CVE-2022-21933
-
cpe:2.3:h:asus:pa90:-
-
cpe:2.3:h:asus:pb50:-
-
cpe:2.3:h:asus:pb60:-
-
cpe:2.3:h:asus:pb60g:-
-
cpe:2.3:h:asus:pb60s:-
-
cpe:2.3:h:asus:pb60v:-
-
cpe:2.3:h:asus:pb61v:-
-
cpe:2.3:h:asus:pn30:-
-
cpe:2.3:h:asus:pn40:-
-
cpe:2.3:h:asus:pn60:-
-
cpe:2.3:h:asus:ts10:-
-
cpe:2.3:h:asus:un65u:-
-
cpe:2.3:h:asus:vc65-c1:-
-
cpe:2.3:o:asus:pa90_firmware:*
-
cpe:2.3:o:asus:pb50_firmware:*
-
cpe:2.3:o:asus:pb60_firmware:*
-
cpe:2.3:o:asus:pb60g_firmware:*
-
cpe:2.3:o:asus:pb60s_firmware:*
-
cpe:2.3:o:asus:pb60v_firmware:*
-
cpe:2.3:o:asus:pb61v_firmware:*
-
cpe:2.3:o:asus:pn30_firmware:*
-
cpe:2.3:o:asus:pn40_firmware:*
-
cpe:2.3:o:asus:pn60_firmware:*
-
cpe:2.3:o:asus:ts10_firmware:*
-
cpe:2.3:o:asus:un65u_firmware:*
-
cpe:2.3:o:asus:vc65-c1_firmware:*