CVE-2022-2147

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
cloudflareCNA
6.5 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
cloudflarewarp
2022.2.95.0 ≤
𝑥
< 2022.3.186.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r
https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r