CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-47631

Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.3%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2022-47631

Razer » Synapse » Version: N/A

cpe:2.3:a:razer:synapse:-
Razer » Synapse » Version: 2.20.15.1013

cpe:2.3:a:razer:synapse:2.20.15.1013
Razer » Synapse » Version: 2.20.15.1031

cpe:2.3:a:razer:synapse:2.20.15.1031
Razer » Synapse » Version: 2.20.15.1104

cpe:2.3:a:razer:synapse:2.20.15.1104
Razer » Synapse » Version: 2.20.15.822

cpe:2.3:a:razer:synapse:2.20.15.822
Razer » Synapse » Version: 2.20.17.116

cpe:2.3:a:razer:synapse:2.20.17.116
Razer » Synapse » Version: 2.20.17.413

cpe:2.3:a:razer:synapse:2.20.17.413
Razer » Synapse » Version: 2.21.00.712

cpe:2.3:a:razer:synapse:2.21.00.712
Razer » Synapse » Version: 2.21.00.721

cpe:2.3:a:razer:synapse:2.21.00.721
Razer » Synapse » Version: 2.21.00.830

cpe:2.3:a:razer:synapse:2.21.00.830
Razer » Synapse » Version: 2.21.18.115

cpe:2.3:a:razer:synapse:2.21.18.115
Razer » Synapse » Version: 3.4.711.71718

cpe:2.3:a:razer:synapse:3.4.711.71718
Razer » Synapse » Version: 3.5.1030.101917

cpe:2.3:a:razer:synapse:3.5.1030.101917
Razer » Synapse » Version: 3.5.116.10714

cpe:2.3:a:razer:synapse:3.5.116.10714
Razer » Synapse » Version: 3.6.0920.091710

cpe:2.3:a:razer:synapse:3.6.0920.091710
Razer » Synapse » Version: 3.6.1010.101113

cpe:2.3:a:razer:synapse:3.6.1010.101113
Razer » Synapse » Version: 3.6.1018.101823

cpe:2.3:a:razer:synapse:3.6.1018.101823
Razer » Synapse » Version: 3.6.1130.111217

cpe:2.3:a:razer:synapse:3.6.1130.111217
Razer » Synapse » Version: 3.6.1201.111814

cpe:2.3:a:razer:synapse:3.6.1201.111814
Razer » Synapse » Version: 3.7.0131.011810

cpe:2.3:a:razer:synapse:3.7.0131.011810
Razer » Synapse » Version: 3.7.0228.022817

cpe:2.3:a:razer:synapse:3.7.0228.022817
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-47631

Products

Pricing

Contact Us