CVE-2022-2145

Summary

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.

Affected Software

VendorProductVersion RangeStatus
CloudflareWARPunspecified < 2022.5.309.0affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation
  • CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CVE Program Container

Additional References

References