CVE-2020-35152
Last modified
CVE-2020-35152 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cloudflare | Warp | < 1.2.2695.1 |
References
- https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22hThird Party Advisory
- https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22hThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-35152?
How severe is CVE-2020-35152?
How do I fix CVE-2020-35152?
Are you affected by CVE-2020-35152?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST