PT-2023-16965 · Cloudflare · Cloudflare Warp Client

Ncabetecf · Published 2023-04-05 · Updated 2023-04-12 · CVE-2023-1412

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cloudflare WARP Client for Windows, versions <= 2022.12.582.0
Description: An unprivileged local user can exploit an improper access control issue to perform privileged operations in the SYSTEM context by combining opportunistic locks (oplocks) and symbolic links. The vulnerability lies in the repair function of the MSI installer that is cached under C:\Windows\Installer once the Cloudflare WARP Client is installed: the repair runs with SYSTEM privileges, and an oplock lets the attacker pause it at the right moment and redirect its file operations through a symbolic link. This gives the attacker arbitrary file deletion and arbitrary file read, which can be used to manipulate system files and escalate privileges.
Recommendations: For versions <= 2022.12.582.0, upgrade to version 2023.3.381.0 or later and delete any older installers that remain on the system. As a temporary workaround, restrict access to the cached MSI installer under C:\Windows\Installer so that unprivileged users cannot trigger a repair from it.
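The following audit script is an added example, not Cloudflare's code and not part of the original advisory. It checks a Windows host for an affected WARP build, locates the cached MSI package under C:\Windows\Installer that the advisory refers to, and lists who has access to it. It assumes a per-machine MSI install (so the product metadata sits under the S-1-5-18 UserData key), that the product's DisplayName contains "Cloudflare WARP", and takes both version thresholds from the advisory text above.

```powershell
# Added example (not Cloudflare's code): audit a host for CVE-2023-1412.
# Assumptions: per-machine MSI install registered under the SYSTEM (S-1-5-18)
# UserData key; DisplayName contains "Cloudflare WARP"; thresholds from the advisory.

$LastAffected = [version]'2022.12.582.0'   # last affected build (advisory)
$FixedVersion = [version]'2023.3.381.0'    # first fixed build (advisory)

function Test-WarpVersionAffected {
    param([Parameter(Mandatory)][string]$DisplayVersion)
    # Compare as [version], never as strings: "2022.9.591.0" sorts after
    # "2022.12.582.0" lexically although it is the older build.
    return ([version]$DisplayVersion -le $LastAffected)
}

function Get-WarpInstallerProducts {
    # Windows Installer records per-machine products here, including the path of
    # the cached package (LocalPackage) that msiexec uses for repair operations.
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path "$($_.PSPath)\InstallProperties" -ErrorAction SilentlyContinue
        if ($props -and $props.DisplayName -like '*Cloudflare WARP*') {
            [pscustomobject]@{
                DisplayName    = $props.DisplayName
                DisplayVersion = $props.DisplayVersion
                LocalPackage   = $props.LocalPackage   # cached MSI under C:\Windows\Installer
                InstallSource  = $props.InstallSource
                Affected       = Test-WarpVersionAffected -DisplayVersion $props.DisplayVersion
            }
        }
    }
}

function Get-CachedPackageAccess {
    param([Parameter(Mandatory)][string]$Path)
    # Show which principals can reach the cached package. The advisory's interim
    # workaround is to tighten this access until the client is upgraded.
    if (Test-Path -LiteralPath $Path) {
        (Get-Acl -LiteralPath $Path).Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType
    }
}

$products = @(Get-WarpInstallerProducts)
if (-not $products) {
    Write-Output 'No per-machine Cloudflare WARP MSI product is registered on this host.'
}
foreach ($p in $products) {
    $p | Format-List
    if ($p.Affected) {
        Write-Warning ("Installed version {0} is <= {1}; upgrade to {2} or later and " +
                       "remove the old cached package at {3}.") -f
                       $p.DisplayVersion, $LastAffected, $FixedVersion, $p.LocalPackage
        Get-CachedPackageAccess -Path $p.LocalPackage | Format-Table -AutoSize
    }
}
```

Run it from an elevated PowerShell session, since the S-1-5-18 UserData key and the installer cache are not readable by standard users by default. Two caveats: the script only sees the package registered for the current install, so stale cached installers from earlier builds must still be located and removed separately, and any ACL tightening under C:\Windows\Installer should be limited to the WARP package and reverted after the upgrade, because Windows Installer relies on that cache for repair and uninstall of every MSI-based product on the machine.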

Fix

Fixed in Cloudflare WARP Client for Windows 2023.3.381.0.

Weakness Enumeration

Link Following (CWE-59, Improper Link Resolution Before File Access)

Related Identifiers

CVE-2023-1412
GHSA-HGXH-48M3-3GQ7

Affected Products

Cloudflare Warp Client