{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-44226","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-04T04:17:24.676Z","dateReserved":"2021-11-26T00:00:00.000Z","datePublished":"2022-03-23T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-09-18T15:06:25.332Z"},"descriptions":[{"lang":"en","value":"Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\\Razer\\Synapse3\\Service\\bin even if %PROGRAMDATA%\\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://www.razer.com/community"},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-058.txt"},{"name":"20220325 [SYSS-2021-058] Razer Synapse - Local Privilege Escalation","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Mar/51"},{"url":"http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html"},{"name":"20230126 [SYSS-2022-047] Razer Synapse - Local Privilege Escalation","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2023/Jan/26"},{"url":"http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.html"},{"name":"20230918 [SYSS-2023-002] Razer Synapse - Local Privilege Escalation","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2023/Sep/6"},{"url":"http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T04:17:24.676Z"},"title":"CVE Program Container","references":[{"url":"https://www.razer.com/community","tags":["x_transferred"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-058.txt","tags":["x_transferred"]},{"name":"20220325 [SYSS-2021-058] Razer Synapse - Local Privilege Escalation","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Mar/51"},{"url":"http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html","tags":["x_transferred"]},{"name":"20230126 [SYSS-2022-047] Razer Synapse - Local Privilege Escalation","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2023/Jan/26"},{"url":"http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.html","tags":["x_transferred"]},{"name":"20230918 [SYSS-2023-002] Razer Synapse - Local Privilege Escalation","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2023/Sep/6"},{"url":"http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html","tags":["x_transferred"]}]}]}}