CVE Tools
Sign in

CVE-2023-1412

Local Privilege Escalation Vulnerability in WARP's MSI Installer

Published: Apr 5, 2023Updated: Nov 21, 2024 Sources: CVE List NVDCWE-59
NVD MITRE
7.0CVSSHIGH
EPSS Score
0.2%
Top 84.8%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI. ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation. PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.

CVSS Vector Breakdown

AV:LAC:HPR:LUI:NS:UC:HI:HA:H
Exploitability
AV:LAttack Vector
Local
AC:HAttack Complexity
High
PR:LPrivileges Required
Low
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-59

Affected Products

warpcloudflare
Desktop App
Security Products / secure-gateway-vpn
WARPCloudflare
Desktop App
Security Products / secure-gateway-vpn
cloudflarecommercialUSSecurity Productsaka warp, octorpki, quiche

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

Official Patch Available

MITRE ATT&CK

2 techniques
Collection
Discovery
View detailed technique mapping

References

https://developers.cloudflare.com/warp-client/get-started/windows/
developers.cloudflare.com
https://github.com/cloudflare/advisories/security/advisories/GHSA-hgxh-48m3-3gq7
github.com
https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release
install.appcenter.ms

Timeline

Published
Apr 5, 2023
Last Updated
Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2023-1412 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows