Remote access to warp-svc.exe in Cloudflare WARP
CVE-2023-1862

7.3HIGH

Key Information:

Vendor: Cloudflare
Status: Warp Client
Vendor: CVE Published:; 20 June 2023

What is CVE-2023-1862?

An access control vulnerability in the Cloudflare WARP client for Windows, up to version 2023.3.381.0, allows remote attackers to access the warp-svc.exe binary via an IPC Named Pipe. This can lead to unauthorized execution of connect and disconnect commands for the WARP service, as well as exposure of sensitive network diagnostics and configuration information from the targeted device. Successful exploitation requires specific conditions, such as the device being accessible on port 445 and either allowing NULL session authentication or having leaked credentials.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WARP Client Windows 0 < 2023.3.381.0

References

https://developers.cloudflare.com/warp-client/get-started...

https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1...

https://github.com/cloudflare/advisories/security/advisor...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2023
Vulnerability Reserved
Apr 5, 2023

JSON

Cloudflare