Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Cloudflare WARP for Windows by Cloudflare

    CVE-2020-35152 (GCVE-0-2020-35152)

    Vulnerability from nvd – Published: 2021-02-02 23:35 – Updated: 2024-09-16 22:25
    VLAI
    Title
    Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows
    Summary
    Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cloudflare Cloudflare WARP for Windows Affected: unspecified , < 1.2.2695.1 (custom)
    Create a notification for this product.
    Date Public
    2020-12-11 00:00
    Credits
    James Tan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloudflare WARP for Windows",
              "vendor": "Cloudflare",
              "versions": [
                {
                  "lessThan": "1.2.2695.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "James Tan"
            }
          ],
          "datePublic": "2020-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-02T23:35:31.000Z",
            "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
            "shortName": "cloudflare"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@cloudflare.com",
              "DATE_PUBLIC": "2020-12-11T20:09:00.000Z",
              "ID": "CVE-2020-35152",
              "STATE": "PUBLIC",
              "TITLE": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloudflare WARP for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.2.2695.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cloudflare"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "James Tan"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-428"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "refsource": "CONFIRM",
                  "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
        "assignerShortName": "cloudflare",
        "cveId": "CVE-2020-35152",
        "datePublished": "2021-02-02T23:35:31.270Z",
        "dateReserved": "2020-12-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:25:07.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35152 (GCVE-0-2020-35152)

    Vulnerability from cvelistv5 – Published: 2021-02-02 23:35 – Updated: 2024-09-16 22:25
    VLAI
    Title
    Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows
    Summary
    Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cloudflare Cloudflare WARP for Windows Affected: unspecified , < 1.2.2695.1 (custom)
    Create a notification for this product.
    Date Public
    2020-12-11 00:00
    Credits
    James Tan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloudflare WARP for Windows",
              "vendor": "Cloudflare",
              "versions": [
                {
                  "lessThan": "1.2.2695.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "James Tan"
            }
          ],
          "datePublic": "2020-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-02T23:35:31.000Z",
            "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
            "shortName": "cloudflare"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@cloudflare.com",
              "DATE_PUBLIC": "2020-12-11T20:09:00.000Z",
              "ID": "CVE-2020-35152",
              "STATE": "PUBLIC",
              "TITLE": "Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloudflare WARP for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.2.2695.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cloudflare"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "James Tan"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service\u0027s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-428"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "refsource": "CONFIRM",
                  "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
        "assignerShortName": "cloudflare",
        "cveId": "CVE-2020-35152",
        "datePublished": "2021-02-02T23:35:31.270Z",
        "dateReserved": "2020-12-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:25:07.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }