CVE-2023-0652

low-risk

Published 2023-04-06

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.

Do I need to act?

0.84% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (1)

Warp

Affected Vendors

Cloudflare

References (6)

Product https://developers.cloudflare.com/warp-client/get-started/windows/

Vendor Advisory https://github.com/cloudflare/advisories/security/advisories/GHSA-xmhj-9p83-xvw9

Release Notes https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution...

Product https://developers.cloudflare.com/warp-client/get-started/windows/

Vendor Advisory https://github.com/cloudflare/advisories/security/advisories/GHSA-xmhj-9p83-xvw9

Release Notes https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution...

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal