CVE-2022-2147

EUVD-2022-34432
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
cloudflareCNA
6.5 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
cloudflarewarp
2022.2.95.0 ≤
𝑥
< 2022.3.186.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r
https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r