Description
An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges.
References (2)
Core 2
Core References
Product
https://steelseries.com/gg
Exploit, Third Party Advisory
https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation
Scores
CVSS v3
8.8
EPSS
0.0092
EPSS Percentile
55.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-276
Status
published
Products (1)
steelseries/gg
36.0.0
Published
Jul 20, 2023
Tracked Since
Feb 18, 2026