CVE-2022-2145: Cloudlfare WARP Arbitrary File Overwrite
First published: Tue Jun 28 2022(Updated: )
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
Credit: cna@cloudflare.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudflare Warp | <2022.5.309.0 |
Remedy
Upgrade WARP client for Windows to the newest version (at least 2022.5.309.0.)
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Cloudflare WARP client vulnerability?
The vulnerability ID for this Cloudflare WARP client vulnerability is CVE-2022-2145.
What is the severity of CVE-2022-2145?
The severity of CVE-2022-2145 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2022-2145?
Cloudflare WARP client for Windows up to v. 2022.5.309.0 is affected by CVE-2022-2145.
How can the privilege escalation and overwriting of SYSTEM protected files be performed in this vulnerability?
The privilege escalation and overwriting of SYSTEM protected files can be performed during the installation of the WARP client by creating mount points from its ProgramData folder.
Is there a fix available for CVE-2022-2145?
Yes, Cloudflare has released a fix for CVE-2022-2145. It is recommended to update to the latest version of the Cloudflare WARP client for Windows.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/references
- agent/first-publish-date
- agent/event
- vendor/cloudflare
- canonical/cloudflare warp