CVE-2023-53965

Exploit

EPSS 0.03%
Veröffentlicht 22.12.2025 21:35:29
Zuletzt bearbeitet 29.01.2026 16:11:32
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sound4 ≫ Impact Firmware Version4.1.102

Sound4 ≫ Impact Version-

Sound4 ≫ Pulse Firmware Version4.1.102

Sound4 ≫ Pulse Version-

Sound4 ≫ First Firmware Version4.1.102

Sound4 ≫ First Version-

Sound4 ≫ Impact Eco Firmware Version4.1.102

Sound4 ≫ Impact Eco Version-

Sound4 ≫ Pulse Eco Firmware Version4.1.102

Sound4 ≫ Pulse Eco Version-

Sound4 ≫ Big Voice Firmware Version4.1.102

Sound4 ≫ Big Voice Version-

Sound4 ≫ Voice Ula2 Firmware Version4.1.102

Sound4 ≫ Voice Ula2 Version-

Sound4 ≫ Voice Ula4 Firmware Version4.1.102

Sound4 ≫ Voice Ula4 Version-

Sound4 ≫ Voice Ula8 Firmware Version4.1.102

Sound4 ≫ Voice Ula8 Version-

Sound4 ≫ Ip Connect Firmware Version4.1.102

Sound4 ≫ Ip Connect Version-

Sound4 ≫ Wm2 Firmware Version4.1.102

Sound4 ≫ Wm2 Version-

Sound4 ≫ Stream X2 Firmware Version4.1.102

Sound4 ≫ Stream X2 Version-

Sound4 ≫ Stream X4 Firmware Version4.1.102

Sound4 ≫ Stream X4 Version-

Sound4 ≫ Stream X8 Firmware Version4.1.102

Sound4 ≫ Stream X8 Version-

Sound4 ≫ Playout Ula8 Firmware Version4.1.102

Sound4 ≫ Playout Ula8 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.068

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	8.6	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

https://web.archive.org/web/20221207074555/https://www.sound4.com/

Product

https://www.exploit-db.com/exploits/51167

Third Party Advisory

Exploit

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php

Third Party Advisory

Exploit

https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escalation-via-unquoted-service-path

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-53965

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53965

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53965

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-53965