CVE-2023-36631

Published: Jun 26, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."

Affected (1)

Products: Malwarebytes: Binisoft Windows Firewall Control

1 product

Binisoft Windows Firewall Control

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Malwarebytes Binisoft Windows Firewall Control	Version 6.9.2.0

References (4)

https://hackerone.com/reports/2000375

Source: cve@mitre.org

Permissions Required

https://www.bencteux.fr/posts/malwarebytes_wfc/

Source: cve@mitre.org

Exploit

https://hackerone.com/reports/2000375

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://www.bencteux.fr/posts/malwarebytes_wfc/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.