CVE-2023-53965

SOUND4 Server Service 4.1.102 Local Privilege Escalation via Unquoted Service Path

CVSS 8.6 HIGHEPSS 0.2%CWE-428

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

SOUND4 Ltd. · SOUND4 Server Service

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://web.archive.org/web/20221207074555/https://www.sound4.com/https://www.exploit-db.com/exploits/51167 https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escalation-via-unquoted-service-path https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php