Lucene search

[email protected]NVD:CVE-2023-35863

HistoryJul 05, 2023 - 6:15 p.m.

CVE-2023-35863

2023-07-0518:15:10

CWE-362

[email protected]

web.nvd.nist.gov

cve-2023-35863

registry key

netfiltersdk

windows service

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.

Affected configurations

Nvd

Node

madefornethttp_debuggerRange≤9.12

VendorProductVersionCPE
madefornethttp_debugger*cpe:2.3:a:madefornet:http_debugger:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
madefornet	http_debugger	*	cpe:2.3:a:madefornet:http_debugger::::::::

References

ctrl-c.club/~blue/nfsdk.html

www.madefornet.com/products.html

www.michaelrowley.dev/research/posts/nfsdk/nfsdk.html

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

Related for NVD:CVE-2023-35863

prion1 cve1 cvelist1