Vulnerability Description
In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Madefornet | Http Debugger | <= 9.12 |
Related Weaknesses (CWE)
References
- https://ctrl-c.club/~blue/nfsdk.htmlExploitTechnical DescriptionThird Party Advisory
- https://www.madefornet.com/products.htmlProduct
- https://www.michaelrowley.dev/research/posts/nfsdk/nfsdk.htmlBroken Link
- https://ctrl-c.club/~blue/nfsdk.htmlExploitTechnical DescriptionThird Party Advisory
- https://www.madefornet.com/products.htmlProduct
- https://www.michaelrowley.dev/research/posts/nfsdk/nfsdk.htmlBroken Link
FAQ
What is CVE-2023-35863?
CVE-2023-35863 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handl...
How severe is CVE-2023-35863?
CVE-2023-35863 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-35863?
Check the references section above for vendor advisories and patch information. Affected products include: Madefornet Http Debugger.