SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.
oryginał ENCVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSound4 Big Voice
HWSound4wszystkie wersjeSound4 Big Voice Firmware
OSSound44.1.102Sound4 First
HWSound4wszystkie wersjeSound4 First Firmware
OSSound44.1.102Sound4 Impact
HWSound4wszystkie wersjeSound4 Impact Eco
HWSound4wszystkie wersjeSound4 Impact Eco Firmware
OSSound44.1.102Sound4 Impact Firmware
OSSound44.1.102Sound4 Ip Connect
HWSound4wszystkie wersjeSound4 Ip Connect Firmware
OSSound44.1.102Sound4 Playout Ula8
HWSound4wszystkie wersjeSound4 Playout Ula8 Firmware
OSSound44.1.102Sound4 Pulse
HWSound4wszystkie wersjeSound4 Pulse Eco
HWSound4wszystkie wersjeSound4 Pulse Eco Firmware
OSSound44.1.102Sound4 Pulse Firmware
OSSound44.1.102Sound4 Stream X2
HWSound4wszystkie wersjeSound4 Stream X2 Firmware
OSSound44.1.102Sound4 Stream X4
HWSound4wszystkie wersjeSound4 Stream X4 Firmware
OSSound44.1.102Sound4 Stream X8
HWSound4wszystkie wersjeSound4 Stream X8 Firmware
OSSound44.1.102Sound4 Voice Ula2
HWSound4wszystkie wersjeSound4 Voice Ula2 Firmware
OSSound44.1.102Sound4 Voice Ula4
HWSound4wszystkie wersjeSound4 Voice Ula4 Firmware
OSSound44.1.102Sound4 Voice Ula8
HWSound4wszystkie wersjeSound4 Voice Ula8 Firmware
OSSound44.1.102Sound4 Wm2
HWSound4wszystkie wersjeSound4 Wm2 Firmware
OSSound44.1.102
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2022-50796CRITICAL9.3PL ✓ten sam produkt
RCE i path traversal w firmware upload SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2022-50794CRITICAL9.3PL ✓ten sam produkt
Command injection w parametrze username — SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2022-50696CRITICAL9.3PL ✓ten sam produkt
Zakodowane na stałe dane logowania w urządzeniach SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2023-53955CRITICAL9.3PL ✓ten sam produkt
IDOR w SOUND4 IMPACT/FIRST/PULSE/Eco v2.x — pominięcie autoryzacji
CVE-2023-53960CRITICAL9.3PL ✓ten sam produkt
SQL Injection w mechanizmie logowania SOUND4 IMPACT/FIRST/PULSE/Eco