Unprivileged Application Exploitation of MADEFORNET HTTP Debugger through 9.12

Unprivileged Application Exploitation of MADEFORNET HTTP Debugger through 9.12

CVE-2023-35863 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.

Learn more about our Web Application Penetration Testing UK.