Access Control Issues in Malwarebytes Binisoft Windows Firewall Control
CVE-2023-36631

7.8 HIGH

Key Information:

Vendor
CVE Published: 26 June 2023

What is CVE-2023-36631?

Malwarebytes Binisoft Windows Firewall Control version 6.9.2.0 contains an access control vulnerability in its user interface. The flaw allows local unprivileged users to use the rules tab to circumvent established Windows Firewall restrictions. The vendor states that this behavior can be mitigated by locking the application with a password, but the absence of robust access control measures still poses a potential security risk for users. System administrators should assess their configurations and implement appropriate security measures to safeguard their firewall settings.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
