CVE-2023-53965

EUVD-2023-60227
SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
sound4impact_firmware
4.1.102
sound4pulse_firmware
4.1.102
sound4first_firmware
4.1.102
sound4impact_eco_firmware
4.1.102
sound4pulse_eco_firmware
4.1.102
sound4big_voice_firmware
4.1.102
sound4voice_ula2_firmware
4.1.102
sound4voice_ula4_firmware
4.1.102
sound4voice_ula8_firmware
4.1.102
sound4ip_connect_firmware
4.1.102
sound4wm2_firmware
4.1.102
sound4stream_x2_firmware
4.1.102
sound4stream_x4_firmware
4.1.102
sound4stream_x8_firmware
4.1.102
sound4playout_ula8_firmware
4.1.102
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://web.archive.org/web/20221207074555/https://www.sound4.com/
https://www.exploit-db.com/exploits/51167
https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escalation-via-unquoted-service-path
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php