CVE-2023-53965

SOUND4 Server Service 4.1.102 Local Privilege Escalation via Unquoted Service Path

CVSS 8.6 HIGHEPSS 0.2%CWE-428

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.6EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

22 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

SOUND4 Ltd. · SOUND4 Server Service

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://web.archive.org/web/20221207074555/https://www.sound4.com/https://www.exploit-db.com/exploits/51167 https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escalation-via-unquoted-service-path https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php