PT-2023-25352 · Madefornet · Madefornet Http Debugger
Published
2023-07-05
·
Updated
2023-07-14
·
CVE-2023-35863
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MADEFORNET HTTP Debugger versions 9.12 and earlier
Description
The issue arises because the Windows service in MADEFORNET HTTP Debugger does not set the seclevel registry key before launching the driver. This allows an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service gains exclusive access.
Recommendations
For MADEFORNET HTTP Debugger versions 9.12 and earlier, consider setting the seclevel registry key manually before launching the driver to prevent unprivileged applications from obtaining a handle to the NetFilterSDK wrapper.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Madefornet Http Debugger