CVE-2023-54353

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.8 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot.

Vulnerability Details

Published Date

June 19, 2026

Last Modified

June 19, 2026

CWE ID

CWE-428

Source

NVD

Vendor

Personifyinc

Product

Chromacam

External References

https://personifyinc.com/
https://personifyinc.com/download/chromacam
https://www.exploit-db.com/exploits/51210
https://www.vulncheck.com/advisories/chromacam-unquoted-service-path-privilege-escalation

CVE-2023-54353

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment