CVE-2023-54353 | Chromacam 4.0.3.0 contains an unquoted service path vulnerab… | CVSS 7.8 HIGH

Description

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot.

Metadata

CVE ID: CVE-2023-54353
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-01-10 01:51 UTC
Published: 2026-06-19 14:16 UTC
Last updated: 2026-06-19 14:16 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Personifyinc / Chromacam
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Personifyinc	Chromacam	—	4.0.3.0

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

ExploitDB-51210 https://www.exploit-db.com/exploits/51210
Official Product Homepage https://personifyinc.com/
Product Reference https://personifyinc.com/download/chromacam
VulnCheck Advisory: Chromacam 4.0.3.0 Unquoted Service Path Privilege Escalation https://www.vulncheck.com/advisories/chromacam-unquoted-service-path-privilege-escalation