CVE-2023-53965

HIGH

SOUND4 Server Service 4.1.102 - Privilege Escalation

Title source: llm

Description

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/51167

View Code ZIP pw:eip

References (4)

[Product] https://web.archive.org/web/20221207074555/https://www.sound4.com/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51167

[Third Party Advisory] https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escalation-via-unquoted-service-path

[Third Party Advisory, Exploit] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php

Scores

CVSS v3 8.4

EPSS 0.0003

EPSS Percentile 9.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (15)

sound4/big_voice_firmware 4.1.102

sound4/first_firmware 4.1.102

sound4/impact_eco_firmware 4.1.102

sound4/impact_firmware 4.1.102

sound4/ip_connect_firmware 4.1.102

sound4/playout_ula8_firmware 4.1.102

sound4/pulse_eco_firmware 4.1.102

sound4/pulse_firmware 4.1.102

sound4/stream_x2_firmware 4.1.102

sound4/stream_x4_firmware 4.1.102

... and 5 more

Published Dec 22, 2025

Tracked Since Feb 18, 2026