Unprivileged Application Exploitation of MADEFORNET HTTP Debugger through 9.12
CVE-2023-35863 · MEDIUM Severity
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.
Learn more about our Web Application Penetration Testing UK.