Lucene search

STAR_LabsCVELIST:CVE-2023-3513

HistoryJul 14, 2023 - 4:49 a.m.

CVE-2023-3513 RazerCentralService Unsafe Deserialization Escalation of Privilege

2023-07-1404:49:59

CWE-269

CWE-502

STAR_Labs

www.cve.org

razercentralservice

privilegecontrol

vulnerability

unsafedeserialization

escalationofprivilege

namedpipe

windows

maliciousactor

localaccess

systemprivilege

.net

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

14.1%

JSON

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "RazerCentralSerivce"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "Razer Central",
    "vendor": "Razer",
    "versions": [
      {
        "lessThanOrEqual": "7.11.0.558",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

starlabs.sg/advisories/23/23-3513/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2023-3513