Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
References
Link | Resource |
---|---|
https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cloudflare
Published: 2020-12-11T00:00:00
Updated: 2021-02-02T23:35:31
Reserved: 2020-12-11T00:00:00
Link: CVE-2020-35152
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-03T00:15:14.563
Modified: 2021-02-05T19:49:54.400
Link: CVE-2020-35152
JSON object: View
Redhat Information
No data.
CWE