CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-47632

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.8%

CVSS Severity

CVSS v3 Score 6.8

References

Products affected by CVE-2022-47632

Razer » Synapse » Version: N/A

cpe:2.3:a:razer:synapse:-
Razer » Synapse » Version: 2.20.15.1013

cpe:2.3:a:razer:synapse:2.20.15.1013
Razer » Synapse » Version: 2.20.15.1031

cpe:2.3:a:razer:synapse:2.20.15.1031
Razer » Synapse » Version: 2.20.15.1104

cpe:2.3:a:razer:synapse:2.20.15.1104
Razer » Synapse » Version: 2.20.15.822

cpe:2.3:a:razer:synapse:2.20.15.822
Razer » Synapse » Version: 2.20.17.116

cpe:2.3:a:razer:synapse:2.20.17.116
Razer » Synapse » Version: 2.20.17.413

cpe:2.3:a:razer:synapse:2.20.17.413
Razer » Synapse » Version: 2.21.00.712

cpe:2.3:a:razer:synapse:2.21.00.712
Razer » Synapse » Version: 2.21.00.721

cpe:2.3:a:razer:synapse:2.21.00.721
Razer » Synapse » Version: 2.21.00.830

cpe:2.3:a:razer:synapse:2.21.00.830
Razer » Synapse » Version: 2.21.18.115

cpe:2.3:a:razer:synapse:2.21.18.115
Razer » Synapse » Version: 3.4.711.71718

cpe:2.3:a:razer:synapse:3.4.711.71718
Razer » Synapse » Version: 3.5.1030.101917

cpe:2.3:a:razer:synapse:3.5.1030.101917
Razer » Synapse » Version: 3.5.116.10714

cpe:2.3:a:razer:synapse:3.5.116.10714
Razer » Synapse » Version: 3.6.0920.091710

cpe:2.3:a:razer:synapse:3.6.0920.091710
Razer » Synapse » Version: 3.6.1010.101113

cpe:2.3:a:razer:synapse:3.6.1010.101113
Razer » Synapse » Version: 3.6.1018.101823

cpe:2.3:a:razer:synapse:3.6.1018.101823
Razer » Synapse » Version: 3.6.1130.111217

cpe:2.3:a:razer:synapse:3.6.1130.111217
Razer » Synapse » Version: 3.6.1201.111814

cpe:2.3:a:razer:synapse:3.6.1201.111814
Razer » Synapse » Version: 3.7.0131.011810

cpe:2.3:a:razer:synapse:3.7.0131.011810
Razer » Synapse » Version: 3.7.0228.022817

cpe:2.3:a:razer:synapse:3.7.0228.022817
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-47632

Products

Pricing

Contact Us