PT-2022-14963 · Cloudflare · Cloudflare Warp

Jdgregson

Published

2022-06-23

Updated

2022-07-01

CVE-2022-2147

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloudflare Warp for Windows versions 2022.2.95.0 through 2022.3.185.0

Description The issue is related to an unquoted service path in Cloudflare Warp for Windows, which enables arbitrary code execution leading to privilege escalation.

Recommendations For versions 2022.2.95.0 through 2022.3.185.0, update to version 2022.3.186.0 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2022-2147

GHSA-M6W8-3PF9-P68R

Affected Products

Cloudflare Warp

PT-2022-14963 · Cloudflare · Cloudflare Warp

CVE-2022-2147

Weakness Enumeration

Related Identifiers

Affected Products

References · 5