Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows
CVE-2020-35152

4.5MEDIUM

Key Information:

Vendor: Cloudflare
Status: Cloudflare Warp For Windows
Vendor: CVE Published:; 3 February 2021

What is CVE-2020-35152?

Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.

Affected Version(s)

Cloudflare WARP for Windows < 1.2.2695.1

References

https://github.com/cloudflare/advisories/security/advisor...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2021
Vulnerability Reserved
Dec 11, 2020

Credit

James Tan