PT-2023-25644 · Malwarebytes · Malwarebytes Binisoft Windows Firewall Control
Published
2023-06-26
·
Updated
2024-09-11
·
CVE-2023-36631
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Malwarebytes Binisoft Windows Firewall Control version 6.9.2.0
Description
The issue concerns a lack of access control in the wfc.exe component of Malwarebytes Binisoft Windows Firewall Control, allowing local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. The vendor considers this behavior intended, as the application can be locked using a password.
Recommendations
For Malwarebytes Binisoft Windows Firewall Control version 6.9.2.0, consider locking the application using a password to restrict unauthorized access, as suggested by the vendor's perspective on the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Malwarebytes Binisoft Windows Firewall Control