PT-2022-14957 · Cloudflare · Cloudflare Warp Client

Mskowroncf

Published

2022-06-28

Updated

2022-07-08

CVE-2022-2145

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloudflare WARP client for Windows versions up to 2022.5.309.0

Description The issue allows creation of mount points from the ProgramData folder of the Cloudflare WARP client during its installation. This could lead to privilege escalation and the overwrite of SYSTEM protected files.

Recommendations For versions up to 2022.5.309.0, consider restricting access to the ProgramData folder as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-20

Related Identifiers

CVE-2022-2145

GHSA-6FPC-QXMR-6WRQ

Affected Products

Cloudflare Warp Client

PT-2022-14957 · Cloudflare · Cloudflare Warp Client

CVE-2022-2145

Weakness Enumeration

Related Identifiers

Affected Products

References · 4