CVE-2020-35152
Summary
| CVE | CVE-2020-35152 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-02-03 00:15:00 UTC |
| Updated | 2021-02-05 19:49:00 UTC |
| Description | Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1. |
Risk And Classification
Problem Types: CWE-428
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cloudflare | Warp | All | All | All | All |
| Application | Cloudflare | Warp | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows · Advisory · cloudflare/advisories · GitHub | CONFIRM | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: James Tan
There are currently no legacy QID mappings associated with this CVE.