CVE-2022-47632
MEDIUMRazer Synapse < 3.7.0830.081906 - Local Privilege Escalation via DLL Hijacking
Title source: llmDescription
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
References (5)
Core 5
Core References
Exploit, Mitigation, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.html
Not Applicable
https://syss.de
Exploit, Mitigation, Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-047.txt
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html
Mailing List mailing-list
http://seclists.org/fulldisclosure/2023/Sep/6
Scores
CVSS v3
6.8
EPSS
0.0063
EPSS Percentile
45.5%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-427
Status
published
Products (1)
razer/synapse
< 3.7.0830.081906
Published
Jan 27, 2023
Tracked Since
Feb 18, 2026