In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.
References
Link | Resource |
---|---|
https://ctrl-c.club/~blue/nfsdk.html | Exploit Technical Description Third Party Advisory |
https://www.madefornet.com/products.html | Product |
https://www.michaelrowley.dev/research/posts/nfsdk/nfsdk.html | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-05T00:00:00
Updated: 2023-07-05T00:00:00
Reserved: 2023-06-19T00:00:00
Link: CVE-2023-35863
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-05T18:15:10.420
Modified: 2023-07-14T15:43:56.137
Link: CVE-2023-35863
JSON object: View
Redhat Information
No data.
CWE