How severe is CVE-2022-47632?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2022-47632?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2022-47632

MEDIUM Year: 2022

CVSS v3 Score

6.8

Medium

Weakness Type

CWE-427

View all →

Vulnerability Description

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.

CVE-2020-27348

MEDIUM

CVSS:6.8(Medium)

In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plu...

CWE-4272020

CVE-2024-13946

HIGH

CVSS:6.8(Medium)

DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; ...

CWE-4272024

CVE-2017-12313

MEDIUM

CVSS:6.7(Medium)

An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if...

CWE-4272017

CVE-2017-5565

MEDIUM

CVSS:6.7(Medium)

Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a se...

CWE-4272017

CVE-2017-5566

MEDIUM

CVSS:6.7(Medium)

Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a self-protection...

CWE-4272017

CVE-2017-5567

MEDIUM

CVSS:6.7(Medium)

Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker ...

CWE-4272017

CVE-2022-47632

Vulnerability Description

Related Vulnerabilities

CVE-2020-27348

CVE-2024-13946

CVE-2017-12313

CVE-2017-5565

CVE-2017-5566

CVE-2017-5567