Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Cloudflare WARP for Windows by Cloudflare
CVE-2020-35152 (GCVE-0-2020-35152)
Vulnerability from nvd – Published: 2021-02-02 23:35 – Updated: 2024-09-16 22:25
VLAI?
Title
Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows
Summary
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
Severity ?
4.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | Cloudflare WARP for Windows |
Affected:
unspecified , < 1.2.2695.1
(custom)
|
Date Public ?
2020-12-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloudflare WARP for Windows",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "1.2.2695.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Tan"
}
],
"datePublic": "2020-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T23:35:31.000Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2020-12-11T20:09:00.000Z",
"ID": "CVE-2020-35152",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloudflare WARP for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2695.1"
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Tan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2020-35152",
"datePublished": "2021-02-02T23:35:31.270Z",
"dateReserved": "2020-12-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:25:07.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35152 (GCVE-0-2020-35152)
Vulnerability from cvelistv5 – Published: 2021-02-02 23:35 – Updated: 2024-09-16 22:25
VLAI?
Title
Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows
Summary
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
Severity ?
4.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | Cloudflare WARP for Windows |
Affected:
unspecified , < 1.2.2695.1
(custom)
|
Date Public ?
2020-12-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloudflare WARP for Windows",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "1.2.2695.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Tan"
}
],
"datePublic": "2020-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T23:35:31.000Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2020-12-11T20:09:00.000Z",
"ID": "CVE-2020-35152",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloudflare WARP for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2695.1"
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Tan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2020-35152",
"datePublished": "2021-02-02T23:35:31.270Z",
"dateReserved": "2020-12-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:25:07.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}