Privilege Escalation Vulnerability in Razer Synapse by Razer
CVE-2022-47631

7.8HIGH

Key Information:

Vendor

Razer

Status
Synapse
Vendor
CVE Published:
14 September 2023

What is CVE-2022-47631?

Razer Synapse versions up to 3.7.1209.121307 are susceptible to a local privilege escalation due to improper privilege management and unsafe installation paths. An attacker can exploit this vulnerability by placing malicious DLLs in the service's directory before its installation. Although the service employs checks to prevent the execution of malicious DLLs, a race condition allows attackers to swap a legitimate DLL with a malicious version after initial verification. This flaw grants local Windows users the ability to elevate their privileges and potentially execute arbitrary code with administrative rights.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Adv...
http://seclists.org/fulldisclosure/2023/Sep/6
mailing-list
http://packetstormsecurity.com/files/174696/Razer-Synapse...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.