CVE-2022-2145
5.8
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
Summary
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloudflare | WARP | unspecified < 2022.5.309.0 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
- CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.