7.8 - CVE-2023-1412

Executive Summary

Informations
Name	CVE-2023-1412	First vendor Publication	2023-04-05
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	7.8
Base Score	7.8	Environmental Score	7.8
impact SubScore	5.9	Temporal Score	7.8
Exploitabality Sub Score	1.8

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user).

After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI.

ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation.

PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1412

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-59	Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cloudflare Warp cpe:2.3:a:cloudflare:warp:6.29:::::android:: cpe:2.3:a:cloudflare:warp::::::windows::* cpe:2.3:a:cloudflare:warp::::::linux::* cpe:2.3:a:cloudflare:warp::::::macos::* cpe:2.3:a:cloudflare:warp::::::linux_kernel::* cpe:2.3:a:cloudflare:warp::::::android::*	6

Sources (Detail)

Source	Url
MISC	https://developers.cloudflare.com/warp-client/get-started/windows/ https://github.com/cloudflare/advisories/security/advisories/GHSA-hgxh-48m3-3gq7 https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribut...

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-11-07 21:29:29	Multiple Updates
2023-09-15 02:25:17	Multiple Updates
2023-04-12 21:27:26	Multiple Updates
2023-04-05 21:27:15	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	6
Sources(s)	3

7.8 - CVE-2023-1412

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU