Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client
CVE-2023-2754
7.4 HIGH
What is CVE-2023-2754?
The Cloudflare WARP client for Windows has a vulnerability that affects its DNS query handling when deployed on IPv6-capable networks. While the client properly assigns loopback IPv4 addresses to DNS servers, it fails to do the same for IPv6, assigning Unique Local Addresses (ULAs) instead. This misconfiguration can expose DNS queries to attackers who are present on the same local network. Those attackers may gain access to sensitive query information from devices using the WARP client, undermining the intended security features of the application.
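A defensive check for the condition described above, as an added example that is not from the advisory or from Cloudflare: it takes resolver settings exported as JSON and reports every DNS server address that is not loopback, marking IPv6 Unique Local Addresses (fc00::/7). The sample records, interface names and addresses are constructed; `InterfaceAlias` and `ServerAddresses` are the property names of PowerShell's `Get-DnsClientServerAddress` output.

```python
import ipaddress
import json

ULA = ipaddress.ip_network("fc00::/7")  # IPv6 Unique Local Address range


def classify(server: str) -> str:
    """Return 'loopback', 'ula' or 'other' for one resolver address."""
    addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop any zone id
    if addr.is_loopback:
        return "loopback"
    if addr.version == 6 and addr in ULA:
        return "ula"
    return "other"


def audit(records):
    """List (interface, address, class) for each resolver that is not loopback."""
    findings = []
    for rec in records:
        servers = rec.get("ServerAddresses") or []
        if isinstance(servers, str):  # tolerate a single address given as a string
            servers = [servers]
        for server in servers:
            kind = classify(server)
            if kind != "loopback":
                findings.append((rec["InterfaceAlias"], server, kind))
    return findings


# Constructed sample export: one record per interface and address family.
SAMPLE = json.loads("""
[
  {"InterfaceAlias": "Example tunnel adapter", "ServerAddresses": ["127.0.0.1"]},
  {"InterfaceAlias": "Example tunnel adapter", "ServerAddresses": ["fd12:3456:789a::53"]},
  {"InterfaceAlias": "Ethernet", "ServerAddresses": ["192.168.1.1"]},
  {"InterfaceAlias": "Loopback", "ServerAddresses": ["::1"]}
]
""")

if __name__ == "__main__":
    for alias, server, kind in audit(SAMPLE):
        note = "IPv6 resolver is a ULA, not loopback" if kind == "ula" else "not loopback"
        print(f"{alias}: {server} ({note})")
```

A `ula` finding on the tunnel client's interface matches the behaviour this CVE describes; `other` findings, such as a router's resolver on a physical adapter, are reported for context only.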
Affected Version(s)
WARP Windows 0