Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv3

CVE-2022-47632

Published: 27/01/2023 Updated: 18/09/2023
CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9
VMScore: 0
Subscribe to Razer

Vulnerability Summary

Razer Synapse prior to 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

razer synapse

Exploits

Exploit DB: Razer Synapse Race Condition / DLL Hijacking
Razer Synapse versions before 380428042117 (20230601) suffer from multiple vulnerabilities Due to an unsafe installation path, improper privilege management, and a time-of-check time-of-use race condition, the associated system service "Razer Synapse Service" is vulnerable to DLL hijacking As a result, local Windows users can abuse the Razer d ...
Exploit DB: Razer Synapse 3.7.0731.072516 Local Privilege Escalation
Razer Synapse version 370731072516 suffers from a local privilege escalation due to a DLL hijacking vulnerability ...

References

CWE-427https://syss.dehttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-047.txthttp://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2023/Sep/6http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook