CVE-2023-53965
Severity CVSS v4.0:
HIGH
Type:
CWE-428
Unquoted Search Path or Element
Publication date:
22/12/2025
Last modified:
29/01/2026
Description
SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.
Impact
Base Score 4.0
8.60
Severity 4.0
HIGH
Base Score 3.x
8.40
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sound4:impact_firmware:4.1.102:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:impact:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:pulse_firmware:4.1.102:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:pulse:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:first_firmware:4.1.102:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:first:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:impact_eco_firmware:4.1.102:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:impact_eco:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:pulse_eco_firmware:4.1.102:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:pulse_eco:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:big_voice_firmware:4.1.102:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:big_voice:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:voice_ula2_firmware:4.1.102:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:voice_ula2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:voice_ula4_firmware:4.1.102:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://web.archive.org/web/20221207074555/https://www.sound4.com/
- https://www.exploit-db.com/exploits/51167
- https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escalation-via-unquoted-service-path
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php