CVE-2023-36631

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 26, 2023

Updated: Aug 2, 2024

Summary

CVE-2023-36631 is a vulnerability affecting Malwarebytes Binisoft Windows Firewall Control 6.9.2.0. The issue lies in the wfc.exe component where access controls are missing, enabling local unprivileged users to manipulate Windows Firewall restrictions via the user interface's rules tab. Despite the vendor's stance that this behavior is intended and can be secured with a password, it poses a potential security risk by allowing unauthorized modifications to the firewall configuration.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Malwarebytes

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rxxo6I
https://www.cve.org/CVERecord?id=CVE-2023-36631
https://nvd.nist.gov/vuln/detail/CVE-2023-36631

Back to Vulnerability Database

CVE-2023-36631

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations