9.8

CVE-2023-53955

Exploit
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without proper authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sound4Impact Firmware Version2.15
   Sound4Impact Version2.0
Sound4Impact Firmware Version1.69
   Sound4Impact Version1.0
Sound4Pulse Firmware Version2.15
   Sound4Pulse Version2.0
Sound4Pulse Firmware Version1.69
   Sound4Pulse Version1.0
Sound4First Firmware Version2.15
   Sound4First Version2.0
Sound4First Firmware Version1.69
   Sound4First Version1.0
Sound4Impact Eco Firmware Version1.16
   Sound4Impact Eco Version-
Sound4Pulse Eco Firmware Version1.16
   Sound4Pulse Eco Version-
Sound4Big Voice4 Firmware Version1.2
   Sound4Big Voice4 Version-
Sound4Big Voice2 Firmware Version1.30
   Sound4Big Voice2 Version-
Sound4Wm2 Firmware Version1.11
   Sound4Wm2 Version-
Sound4Stream Extension Version2.4.29
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.57% 0.682
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
disclosure@vulncheck.com 9.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://www.exploit-db.com/exploits/51169
Third Party Advisory
Exploit
VDB Entry