CVE-2022-47631

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 14, 2023
Updated: Feb 16, 2024
CWE ID 367

Summary

CVE-2022-47631, also known as Razer Synapse privilege escalation vulnerability, affects Razer Synapse versions up to 3.7.1209.121307. Attackers can exploit an unsafe installation path and improper privilege management to gain administrative privileges on Windows. By placing DLLs into the designated directory before the service is installed and denying write access for the SYSTEM user, attackers can replace a valid DLL with a malicious one after the service has already checked the file, exploiting a race condition. This vulnerability poses a high risk to organizations as it allows local Windows users to elevate their privileges and potentially gain unauthorized access to sensitive information or perform malicious actions on affected systems.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2022-47631 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options