Lucene search
K
CloudflareWarp

16 matches found

CVE
CVE
added 2022/07/26 11:35 a.m.400 views

CVE-2022-2225

CVE-2022-2225 affects Cloudflare WARP client. A local attacker can bypass Zero Trust security policies and features like “Lock WARP switch” by using warp-cli subcommands (disable-ethernet, disable-wifi) without admin privileges. Reported impacts include bypass of Secure Web Gateway policies; expl...

8.1CVSS7.9AI score0.00187EPSS
CVE
CVE
added 2023/08/03 1:53 p.m.320 views

CVE-2023-2754

CVE-2023-2754 describes a vulnerability in the Cloudflare WARP Windows client where DNS queries can be exposed on the local network. When connected over an IPv6-capable network, the WARP client does not assign loopback IPv6 addresses; instead, it uses Unique Local Addresses, which under certain c...

7.4CVSS6.6AI score0.00746EPSS
CVE
CVE
added 2021/02/02 11:35 p.m.281 views

CVE-2020-35152

CVE-2020-35152 affects Cloudflare WARP for Windows prior to version 1.2.2695.1, due to an unquoted service path that allows privilege escalation from non-administrative to administrator. The vulnerability is fixed in 1.2.2695.1 by adding quotes around the service binary path. All available connec...

7.8CVSS6.2AI score0.00273EPSS
CVE
CVE
added 2025/01/22 5:34 p.m.90 views

CVE-2025-0651

CVE-2025-0651 describes an improper privilege management issue in Cloudflare WARP for Windows. A low-privilege user can create a set of symlinks in C:\ProgramData\Cloudflare\warp-diag-partials. When a user triggers the “Reset all settings” option, the WARP service (running with System privileges)...

7.1CVSS6.5AI score0.00294EPSS
CVE
CVE
added 2022/06/28 5:45 p.m.85 views

CVE-2022-2145

CVE-2022-2145 affects Cloudflare WARP Client for Windows up to version 2022.5.309.0. The issue enables creation of mount points from the ProgramData folder during installation, enabling local privilege escalation and overwriting SYSTEM-protected files. Reports in NVD/Red Hat/CVE records describe ...

7.8CVSS6.6AI score0.00294EPSS
CVE
CVE
added 2022/06/23 9:0 p.m.83 views

CVE-2022-2147

CVE-2022-2147 affects Cloudflare Warp for Windows (versions 2022.2.95.0 and earlier); it is caused by an unquoted service path, enabling arbitrary code execution with privilege escalation via a local attack. The fix is in version 2022.3.186.0. Exploitation status is not provided in the documents....

7.8CVSS7.4AI score0.00263EPSS
CVE
CVE
added 2023/06/20 8:28 a.m.74 views

CVE-2023-1862

CVE-2023-1862 affects the Cloudflare WARP client for Windows (up to v2023.3.381.0). The weakness is an insufficient access control policy on an IPC Named Pipe used by warp-svc.exe, which could let a remote attacker trigger WARP connect/disconnect commands and read network diagnostics and applicat...

7.3CVSS7.2AI score0.00754EPSS
CVE
CVE
added 2022/10/28 9:22 a.m.71 views

CVE-2022-3512

CVE-2022-3512 affects Cloudflare WARP by allowing a user to disconnect the WARP client and bypass the Lock WARP switch using the warp-cli add-trusted-ssid command, enabling Zero Trust policies not to be enforced on the endpoint. The available sources consistently describe the bypass vector and it...

8.8CVSS7.6AI score0.00394EPSS
CVE
CVE
added 2023/01/11 4:32 p.m.65 views

CVE-2022-4457

The CVE-2022-4457 issue concerns the WARP client for Android, where a misconfiguration in the app manifest enables a task hijacking attack. This could let a malicious app hijack legitimate apps and potentially exfiltrate sensitive data when installed on a victim’s device. Documented details acros...

5.5CVSS5.3AI score0.00167EPSS
CVE
CVE
added 2023/04/05 3:22 p.m.64 views

CVE-2023-1412

The CVE-2023-1412 issue affects Cloudflare WARP Client for Windows (versions ≤ 2022.12.582.0). The root cause is an Improper Access Control in the MSI installer repair function stored under C:\Windows\Installer, exploitable by an unprivileged user to execute privileged SYSTEM context operations v...

7.8CVSS7.3AI score0.00244EPSS
CVE
CVE
added 2022/10/28 9:30 a.m.61 views

CVE-2022-3320

Summary: CVE-2022-3320 affects Cloudflare WARP/Zero Trust deployments where the warp-cli set-custom-endpoint subcommand can be used with an unreachable endpoint, causing the WARP Client to disconnect and bypass administrative restrictions on a Zero Trust enrolled endpoint. Multiple connected sour...

9.8CVSS8.2AI score0.00378EPSS
CVE
CVE
added 2023/09/07 12:11 p.m.61 views

CVE-2023-3747

CVE-2023-3747 describes a vulnerability in Cloudflare WARP/Zero Trust where there is insufficient server-side validation of override codes. A local attacker with access to the device can extend the maximum disconnected time of the WARP client by altering the device’s clock, exploiting the overrid...

5.5CVSS5.4AI score0.00182EPSS
CVE
CVE
added 2023/08/29 3:5 p.m.56 views

CVE-2023-0654

CVE-2023-0654 affects the WARP Mobile Client for Android, prior to version 6.29. The vulnerability results from a misconfiguration that allows tapjacking, enabling a malicious app to deceive users into thinking the attacker’s UI is the WARP client (spoofing user activity loads). Evidence across m...

3.9CVSS3.9AI score0.00197EPSS
CVE
CVE
added 2023/01/11 4:49 p.m.53 views

CVE-2022-4428

Cloudflare WARP client (Windows) is affected by CVE-2022-4428 due to unvalidated support_uri in the local settings file (mdm.xml). A crafted XML config or a manipulated path could be used to escalate privileges and trigger execution of an arbitrary local executable when the user interacts with th...

8.9CVSS8AI score0.00695EPSS
CVE
CVE
added 2023/04/06 9:42 a.m.49 views

CVE-2023-0652

CVE-2023-0652 is a Local Privilege Escalation in Cloudflare WARP Installer (Windows). The issue stems from a hardlink created in the ProgramData folder during the repair process, where the MSI-based installer could forge the hardlink’s destination, enabling privilege escalation and overwriting SY...

7.8CVSS7.2AI score0.00289EPSS
CVE
CVE
added 2023/08/29 2:56 p.m.41 views

CVE-2023-0238

CVE-2023-0238 affects Cloudflare WARP Mobile Client for Android, versions

5.5CVSS4.5AI score0.00196EPSS