CVE-2023-35863

In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.

Configurations

Configuration 1

cpe:2.3:a:madefornet:http_debugger:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:08

Type | Values Removed | Values Added
References | () https://ctrl-c.club/~blue/nfsdk.html - Exploit, Technical Description, Third Party Advisory | () https://ctrl-c.club/~blue/nfsdk.html - Exploit, Technical Description, Third Party Advisory
References | () https://www.madefornet.com/products.html - Product | () https://www.madefornet.com/products.html - Product
References | () https://www.michaelrowley.dev/research/posts/nfsdk/nfsdk.html - Broken Link | () https://www.michaelrowley.dev/research/posts/nfsdk/nfsdk.html - Broken Link

14 Jul 2023, 15:43

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 5.3
CWE | | CWE-362
First Time | | Madefornet http Debugger; Madefornet
References | (MISC) https://ctrl-c.club/~blue/nfsdk.html - | (MISC) https://ctrl-c.club/~blue/nfsdk.html - Exploit, Technical Description, Third Party Advisory
References | (MISC) https://www.michaelrowley.dev/research/posts/nfsdk/nfsdk.html - | (MISC) https://www.michaelrowley.dev/research/posts/nfsdk/nfsdk.html - Broken Link
References | (MISC) https://www.madefornet.com/products.html - | (MISC) https://www.madefornet.com/products.html - Product
CPE | | cpe:2.3:a:madefornet:http_debugger:*:*:*:*:*:*:*:*

05 Jul 2023, 18:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2023-07-05 18:15

Updated : 2024-11-21 08:08


NVD link : CVE-2023-35863

Mitre link : CVE-2023-35863

CVE.ORG link : CVE-2023-35863


Products Affected

madefornet

  • http_debugger

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')