PT-2023-25155 · Razer · Razercentral
Phan Thanh Duy +1 · Published 2023-07-14 · Updated 2023-07-27 · CVE-2023-3513
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RazerCentral versions prior to 7.11.0.558
Description
The issue is improper privilege control in the RazerCentralService named pipe, which allows a malicious actor with local access to gain SYSTEM privileges. This is achieved by communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.
Recommendations
For versions prior to 7.11.0.558, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the RazerCentralService named pipe to minimize the risk of exploitation.
Exploit
Fix
Deserialization of Untrusted Data
Improper Privilege Management
Affected Products
Razercentral