CVE-2023-54353

Chromacam 4.0.3.0 Unquoted Service Path Privilege Escalation

CVSS 8.5 HIGH · EPSS 0.1% · CWE-428
Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in directories along the unquoted path. Attackers with write access to C:\ or subdirectories like C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Personifyinc · Chromacam
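An audit check for the condition described above, added here as an example and not taken from the advisory or the vendor: it flags service ImagePath values that are unquoted and contain spaces, lists the locations whose ACLs need review, and produces the quoted form that removes the ambiguity. The sample ImagePath values are constructed, and the "Example Dir" folder is a placeholder, not the product's real install path.

```python
import re

# Constructed (service name, ImagePath) pairs, shaped like the values stored in
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath. "Example Dir" is a
# placeholder folder, not the real Chromacam install path.
SAMPLE_SERVICES = [
    ("PsyFrameGrabberService",
     r"C:\Program Files (x86)\Personify\Example Dir\PsyFrameGrabberService.exe"),
    ("QuotedSvc", r'"C:\Program Files\Vendor\svc.exe" --run'),
    ("NoSpaceSvc", r"C:\Windows\System32\svchost.exe -k netsvcs"),
]

EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)

def executable_part(image_path):
    """Return the path up to and including the first '.exe' (arguments dropped)."""
    m = EXE_END.search(image_path)
    return image_path[:m.end()] if m else image_path

def ambiguous_candidates(image_path):
    """Paths Windows tries before the intended binary when the path is unquoted.

    An unquoted command line is split at each space and the prefix is tried
    with '.exe' appended, so every space in the executable path adds one
    location whose write permissions must be reviewed.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []                      # quoted: no ambiguity
    exe = executable_part(path)
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted(image_path):
    """Return the ImagePath with the executable wrapped in double quotes."""
    path = image_path.strip()
    if path.startswith('"'):
        return path
    exe = executable_part(path)
    return f'"{exe}"' + path[len(exe):]

def audit(services):
    """Map each affected service name to its list of ambiguous locations."""
    findings = {}
    for name, image_path in services:
        candidates = ambiguous_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings

if __name__ == "__main__":
    for svc, paths in audit(SAMPLE_SERVICES).items():
        print(svc, "->", paths)
```

On a live host the ImagePath values would come from the service registry keys or `sc qc <service>` output rather than the constructed list.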