CVE-2023-53965 — HIGH (8.4)

Vulnerability Description

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sound4	Impact Firmware	4.1.102
Sound4	Impact	-
Sound4	Pulse Firmware	4.1.102
Sound4	Pulse	-
Sound4	First Firmware	4.1.102
Sound4	First	-
Sound4	Impact Eco Firmware	4.1.102
Sound4	Impact Eco	-
Sound4	Pulse Eco Firmware	4.1.102
Sound4	Pulse Eco	-
Sound4	Big Voice Firmware	4.1.102
Sound4	Big Voice	-
Sound4	Voice Ula2 Firmware	4.1.102
Sound4	Voice Ula2	-
Sound4	Voice Ula4 Firmware	4.1.102
Sound4	Voice Ula4	-
Sound4	Voice Ula8 Firmware	4.1.102
Sound4	Voice Ula8	-
Sound4	Ip Connect Firmware	4.1.102
Sound4	Ip Connect	-

Related Weaknesses (CWE)

CWE-428

References

https://web.archive.org/web/20221207074555/https://www.sound4.com/Product
https://www.exploit-db.com/exploits/51167ExploitThird Party Advisory
https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escalaThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.phpThird Party AdvisoryExploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.phpThird Party AdvisoryExploit

FAQ

What is CVE-2023-53965?

CVE-2023-53965 is a vulnerability with a CVSS score of 8.4 (HIGH). SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit ...

How severe is CVE-2023-53965?

CVE-2023-53965 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-53965?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.