CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2022-47631 – Razer Synapse Race Condition / DLL Hijacking
https://notcve.org/view.php?id=CVE-2022-47631
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. Razer Synapse hasta 3.7.1209.121307 permite la escalada de privilegios debido a una ruta de instalación insegura y una gestión de privilegios inadecuada. • http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html http://seclists.org/fulldisclosure/2023/Sep/6 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-002.txt • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3514 – RazerCentralSerivce Unsafe Named Pipe Permission Escalation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-3514
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file. • https://starlabs.sg/advisories/23/23-3514 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3513 – RazerCentralService Unsafe Deserialization Escalation of Privilege
https://notcve.org/view.php?id=CVE-2023-3513
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization. • https://starlabs.sg/advisories/23/23-3513 • CWE-269: Improper Privilege Management CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45697
https://notcve.org/view.php?id=CVE-2022-45697
Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. • http://razer.com https://github.com/Wh04m1001/CVE • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2CVE-2022-47632 – Razer Synapse 3.7.0731.072516 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-47632
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. • http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html http://seclists.org/fulldisclosure/2023/Sep/6 https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-047.txt • CWE-427: Uncontrolled Search Path Element •