TVN ID | TVN-202201001 |
---|---|
CVE ID | CVE-2022-21933 |
CVSS | 6.7 (Medium) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Affected Products | ASUS VivoMini/Mini PC Affected Product List: ASUS VC65-C1 BIOS version < 1302 ASUS PB60V BIOS version < 1302 ASUS PB60G BIOS version < 1302 ASUS PB60S BIOS version <1302 ASUS PA90 BIOS version < 1401 ASUS PB50 BIOS version < 902 ASUS PB60 BIOS version < 1502 ASUS PB61V BIOS version < 601 ASUS TS10 BIOS version < 609 ASUS PN40 BIOS version < 2201 ASUS PN60 BIOS version < 808 ASUS PN30 BIOS version < 320 ASUS UN65U BIOS version < 618 |
Description | ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service. |
Solution | BIOS Update(https://www.asus.com/content/ASUS-Product-Security-Advisory/) |
Credit | Yngweijw (IIE Varas) |
Public Date | 2022-01-20 |