CVE Vulnerability

CVE-2021-44226

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%RazerSynapse3Servicebin even if %PROGRAMDATA%Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.

6.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.3 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.razer.com/community Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-058.txt Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2022/Mar/51 Exploit Mailing List
http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2023/Jan/26 Not Applicable
http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.html Not Applicable
Configurations

Configuration 1
Information

Published : 2022-03-23 10:15

Updated : 2023-02-22 05:39

NVD link : CVE-2021-44226

Mitre link : CVE-2021-44226

Products Affected
No products.
CWE
CWE-427