CVE-2023-53961

Summary

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.

Affected Software

VendorProductVersion RangeStatus
SOUND4 Ltd.Impact/Pulse/FirstVersion 2: 1.1/2.15affected
SOUND4 Ltd.Impact/Pulse Eco1.16affected
SOUND4 Ltd.BigVoice41.2affected
SOUND4 Ltd.BigVoice21.30affected
SOUND4 Ltd.Stream1.1/2.4.29affected
Kantar MediaWM21.11affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References