{ "CVE_data_meta": { "ASSIGNER": "cna@cloudflare.com", "ID": "CVE-2022-2145", "STATE": "PUBLIC", "TITLE": "Cloudflare WARP Arbitrary File Overwrite" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WARP", "version": { "version_data": [ { "platform": "Windows", "version_affected": "<", "version_value": "2022.5.309.0" } ] } } ] }, "vendor_name": "Cloudflare" } ] } }, "credit": [ { "lang": "eng", "value": "Patrick Murphy (@hackandpwn)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cloudflare WARP client for Windows (versions before 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM-protected files." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] }, { "description": [ { "lang": "eng", "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq", "name": "https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq" } ] }, "solution": [ { "lang": "eng", "value": "Upgrade the WARP client for Windows to the newest version (at least 2022.5.309.0)." } ], "source": { "advisory": "GHSA-6fpc-qxmr-6wrq", "discovery": "EXTERNAL" } }