Lucene search

STAR_LabsCVE-2023-3514

HistoryJul 14, 2023 - 5:15 a.m.

CVE-2023-3514

2023-07-1405:15:09

CWE-269

STAR_Labs

web.nvd.nist.gov

cve-2023-3514

razercentral

privilege control

vulnerability

windows

razer

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling “AddModule” or “UninstallModules” command to execute arbitrary executable file.

Affected configurations

Nvd

Node

razerrazer_centralRange≤7.11.0.558windows

VendorProductVersionCPE
razerrazer_central*cpe:2.3:a:razer:razer_central:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
razer	razer_central	*	cpe:2.3:a:razer:razer_central::::::windows::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "RazerCentralSerivce"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "Razer Central",
    "vendor": "Razer",
    "versions": [
      {
        "lessThanOrEqual": "7.11.0.558",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

starlabs.sg/advisories/23/23-3514/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-3514