Main Vulnerability Database Vulnerabilities #VU56040

Permissions, Privileges, and Access Controls in Razer Synapse - #VU56040

Published: August 23, 2021 / Updated: August 23, 2021

Vulnerability identifier: #VU56040

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Razer Synapse

Software vendor:
Razer

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows 10 after plugging in Razer mouse or keyboard, which leads to security restrictions bypass and privilege escalation.

An attacker with physical access to the system can execute arbitrary code with SYSTEM privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/

Permissions, Privileges, and Access Controls in Razer Synapse - #VU56040

Description

Remediation

External links

Please verify you're human