ГлавнаяУязвимости → CVE-2023-53965
8.4высокая

CVE-2023-53965

Описание

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

Затрагиваемое ПО
Sound4 Playout ula8 firmwareSound4 Playout ula8Sound4 Stream x8 firmwareSound4 Stream x8Sound4 Stream x4 firmwareSound4 Stream x4Sound4 Stream x2 firmwareSound4 Stream x2Sound4 Wm2 firmwareSound4 Wm2Sound4 Ip connect firmwareSound4 Ip connectSound4 Voice ula8 firmwareSound4 Voice ula8Sound4 Voice ula4 firmwareSound4 Voice ula4Sound4 Voice ula2 firmwareSound4 Voice ula2Sound4 Big voice firmwareSound4 Big voiceSound4 Pulse eco firmwareSound4 Pulse ecoSound4 Impact eco firmwareSound4 Impact ecoSound4 First firmware
CVSS
Балл8.4 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://web.archive.org/web/20221207074555/https://www.sound4.com/https://www.exploit-db.com/exploits/51167https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escalation-via-unquoted-service-pathhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.phphttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php