exploitDog

CVE-2023-35863

Опубликовано: 05 июл. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.

Ссылки

https://ctrl-c.club/~blue/nfsdk.html
Exploit
Technical Description
Third Party Advisory
https://www.madefornet.com/products.html
Product
https://www.michaelrowley.dev/research/posts/nfsdk/nfsdk.html
Broken Link
https://ctrl-c.club/~blue/nfsdk.html
Exploit
Technical Description
Third Party Advisory
https://www.madefornet.com/products.html
Product
https://www.michaelrowley.dev/research/posts/nfsdk/nfsdk.html
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:madefornet:http_debugger:*:*:*:*:*:*:*:*

Версия до 9.12 (включая)

EPSS

Процентиль: 10%

0.00036

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-362

Связанные уязвимости

GHSA-6634-g827-cg9w

CVSS3: 5.3

github

больше 2 лет назад

In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.

EPSS

Процентиль: 10%

0.00036

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-362