Skip to content

Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows

Low
dhaynespls published GHSA-qc57-v5q8-f22h Feb 2, 2021

Package

No package listed

Affected versions

< 1.2.2695.1

Patched versions

None

Description

Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.

Severity

Low

CVE ID

CVE-2020-35152

Weaknesses

No CWEs