CVE-2023-36631
Last modified
CVE-2023-36631 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password.". EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Malwarebytes | Binisoft Windows Firewall Control | 6.9.2.0 |
References
- https://hackerone.com/reports/2000375Permissions Required
- https://hackerone.com/reports/2000375Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-36631?
How severe is CVE-2023-36631?
How do I fix CVE-2023-36631?
Are you affected by CVE-2023-36631?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST