Local Privilege Escalation in Razer Synapse Software
CVE-2021-44226

7.3HIGH

Key Information:

Vendor

Razer

Status
Synapse
Vendor
CVE Published:
23 March 2022

What is CVE-2021-44226?

Razer Synapse prior to version 3.7.0228.022817 is susceptible to local privilege escalation due to its reliance on specific paths within the program's directory structure. This vulnerability allows an unprivileged user who has access to the %PROGRAMDATA% folder before the software installation to place malicious DLLs, potentially leading to exploitation. If the folder %PROGRAMDATA%\Razer has been manipulated by an attacker, it can enable a Trojan horse DLL to be executed with elevated privileges, thereby compromising system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.razer.com/community
https://www.syss.de/fileadmin/dokumente/Publikationen/Adv...
http://seclists.org/fulldisclosure/2022/Mar/51
mailing-list

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.