Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-47632
HistoryJan 27, 2023 - 3:15 p.m.

Privilege escalation

2023-01-2715:15:00
PRIOn knowledge base
www.prio-n.com
6
razer synapse
privilege escalation
unsafe installation
improper privilege management
dlls
self-signed
administrative privileges
windows

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.

CPENameOperatorVersion
synapselt3.7.0830.081906

Related

cvelist 1
cve 1
nvd 1
zdt 1
packetstorm 2
cvelist
cvelist
CVE-2022-47632
2023-01-27 00:00:00
cve
cve
CVE-2022-47632
2023-01-27 15:15:09
nvd
nvd
CVE-2022-47632
2023-01-27 15:15:09
zdt
zdt
Razer Synapse 3.7.0731.072516 Local Privilege Escalation Vulnerability
2023-01-30 00:00:00
packetstorm
packetstorm
Razer Synapse 3.7.0731.072516 Local Privilege Escalation
2023-01-27 00:00:00
Razer Synapse Race Condition / DLL Hijacking
2023-09-18 00:00:00

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON
Related for PRION:CVE-2022-47632
cvelist1cve1nvd1zdt1packetstorm2