Lucene search

[email protected]CVE-2023-3513

HistoryJul 14, 2023 - 5:15 a.m.

CVE-2023-3513

2023-07-1405:15:09

CWE-502

CWE-269

[email protected]

web.nvd.nist.gov

cve-2023

razercentralserivce

privilege control

razercentral

security vulnerability

windows

.net deserialization

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.

Affected configurations

NVD

Node

razerrazer_centralRange≤7.11.0.558windows

CPENameOperatorVersion
razer:razer_centralrazer razer centralle7.11.0.558

CPE	Name	Operator	Version
razer:razer_central	razer razer central	le	7.11.0.558

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "RazerCentralSerivce"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "Razer Central",
    "vendor": "Razer",
    "versions": [
      {
        "lessThanOrEqual": "7.11.0.558",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

starlabs.sg/advisories/23/23-3513/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVE-2023-3513

prion1 cvelist1 nvd1