CVE-2023-53965

moderate-risk

Published 2025-12-22

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (15)

Impact Firmware

Pulse Firmware

First Firmware

Impact Eco Firmware

Pulse Eco Firmware

Big Voice Firmware

Voice Ula2 Firmware

Voice Ula4 Firmware

Voice Ula8 Firmware

Ip Connect Firmware

Wm2 Firmware

Stream X2 Firmware

Stream X4 Firmware

Stream X8 Firmware

Playout Ula8 Firmware

Affected Vendors

Sound4

References (5)

Product https://web.archive.org/web/20221207074555/https://www.sound4.com/

Exploit https://www.exploit-db.com/exploits/51167

Third Party Advisory https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escala...

Third Party Advisory https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate