CVE-2023-54353

Chromacam 4.0.3.0 Unquoted Service Path Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-428

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Personifyinc · Chromacam

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/51210no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://personifyinc.com/https://personifyinc.com/download/chromacam https://www.exploit-db.com/exploits/51210 https://www.vulncheck.com/advisories/chromacam-unquoted-service-path-privilege-escalation