cnvd - cnvd-2017-26161

cnvd-2017-26161

Vulnerability from cnvd

Title

Razer Synapse rzpnk.sys驱动程序权限提升漏洞

Description

Razer Synapse是美国Razer公司的一款Razer设备配置软件。 Razer Synapse rzpnk.sys驱动程序存在安全漏洞，允许远程攻击者利用漏洞提交特制的IOCTL请求，提升权限。

Severity

高

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.razerzone.com/

Reference

http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess

Impacted products

Name
Razer Synapse

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9769"
    }
  },
  "description": "Razer Synapse\u662f\u7f8e\u56fdRazer\u516c\u53f8\u7684\u4e00\u6b3eRazer\u8bbe\u5907\u914d\u7f6e\u8f6f\u4ef6\u3002\r\n\r\nRazer Synapse rzpnk.sys\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684IOCTL\u8bf7\u6c42\uff0c\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "Metasploit",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.razerzone.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-26161",
  "openTime": "2017-09-12",
  "products": {
    "product": "Razer Synapse"
  },
  "referenceLink": "http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-04",
  "title": "Razer Synapse rzpnk.sys\u9a71\u52a8\u7a0b\u5e8f\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2017-9769 (GCVE-0-2017-9769)

Vulnerability from cvelistv5

Published

2017-08-02 19:00

Modified

2024-08-05 17:18

Severity ?

CWE

n/a

Summary

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.

References

URL

Tags

	https://warroom.securestate.com/cve-2017-9769/	x_refsource_MISC
	https://www.exploit-db.com/exploits/42368/	exploit, x_refsource_EXPLOIT-DB
	http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:01.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://warroom.securestate.com/cve-2017-9769/"
          },
          {
            "name": "42368",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42368/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-11T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://warroom.securestate.com/cve-2017-9769/"
        },
        {
          "name": "42368",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42368/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9769",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://warroom.securestate.com/cve-2017-9769/",
              "refsource": "MISC",
              "url": "https://warroom.securestate.com/cve-2017-9769/"
            },
            {
              "name": "42368",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42368/"
            },
            {
              "name": "http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess",
              "refsource": "MISC",
              "url": "http://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9769",
    "datePublished": "2017-08-02T19:00:00",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-08-05T17:18:01.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.