CVE-2022-2145 - OpenCVE

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cloudflare	Warp

Configuration 1 [-]

cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*

References

Link	Resource
https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq	Release Notes Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cloudflare

Published: 2022-06-28T17:45:20

Updated: 2022-06-28T17:45:20

Reserved: 2022-06-21T00:00:00

Link: CVE-2022-2145

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-28T18:15:08.247

Modified: 2022-07-08T13:37:24.743

Link: CVE-2022-2145

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "2022.5.309.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Patrick Murphy (@hackandpwn)"}], "descriptions": [{"lang": "en", "value": "Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-28T17:45:20", "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq"}], "solutions": [{"lang": "en", "value": "Upgrade WARP client for Windows to the newest version (at least 2022.5.309.0.)"}], "source": {"advisory": "GHSA-6fpc-qxmr-6wrq", "discovery": "EXTERNAL"}, "title": "Cloudlfare WARP Arbitrary File Overwrite ", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@cloudflare.com", "ID": "CVE-2022-2145", "STATE": "PUBLIC", "TITLE": "Cloudlfare WARP Arbitrary File Overwrite "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WARP", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_value": "2022.5.309.0"}]}}]}, "vendor_name": "Cloudflare"}]}}, "credit": [{"lang": "eng", "value": "Patrick Murphy (@hackandpwn)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}, {"description": [{"lang": "eng", "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq", "refsource": "MISC", "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq"}]}, "solution": [{"lang": "en", "value": "Upgrade WARP client for Windows to the newest version (at least 2022.5.309.0.)"}], "source": {"advisory": "GHSA-6fpc-qxmr-6wrq", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "assignerShortName": "cloudflare", "cveId": "CVE-2022-2145", "datePublished": "2022-06-28T17:45:20", "dateReserved": "2022-06-21T00:00:00", "dateUpdated": "2022-06-28T17:45:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AD83E70B-AD72-4303-88E0-832998C55026", "versionEndExcluding": "2022.5.309.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files."}, {"lang": "es", "value": "El cliente WARP de Cloudflare para Windows (versiones hasta 2022.5.309.0) permit\u00eda la creaci\u00f3n de puntos de montaje desde su carpeta ProgramData. Durante la instalaci\u00f3n del cliente WARP, era posible escalar privilegios y sobrescribir archivos protegidos por el sistema"}], "id": "CVE-2022-2145", "lastModified": "2022-07-08T13:37:24.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.5, "source": "cna@cloudflare.com", "type": "Secondary"}]}, "published": "2022-06-28T18:15:08.247", "references": [{"source": "cna@cloudflare.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq"}], "sourceIdentifier": "cna@cloudflare.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-59"}], "source": "cna@cloudflare.com", "type": "Secondary"}]}