PT-2023-25155 · Razer · Razercentral

Phan Thanh Duy

Publicado

2023-07-14

Atualizado

2023-07-27

CVE-2023-3513

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RazerCentral versions prior to 7.11.0.558

Description The issue is related to improper privilege control in the RazerCentralSerivce Named Pipe, allowing a malicious actor with local access to gain SYSTEM privilege. This can be achieved by communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.

Recommendations For versions prior to 7.11.0.558, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the RazerCentralSerivce Named Pipe to minimize the risk of exploitation.

Exploit

Correção

Deserialization of Untrusted Data

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502CWE-269

Identificadores relacionados

CVE-2023-3513

Produtos afetados

Razercentral

PT-2023-25155 · Razer · Razercentral

CVE-2023-3513

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3