ГлавнаяУязвимости → CVE-2023-54353
7.8высокая

CVE-2023-54353

Описание

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot.

CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://personifyinc.com/https://personifyinc.com/download/chromacamhttps://www.exploit-db.com/exploits/51210https://www.vulncheck.com/advisories/chromacam-unquoted-service-path-privilege-escalation