Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
CloudflareWarp*

14 matches found

CVE
CVEadded 2022/07/26 12:15 p.m.384 views

CVE-2022-2225

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

8.1CVSS7.9AI score0.00007EPSS
CVE
CVEadded 2023/08/03 3:15 p.m.299 views

CVE-2023-2754

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses b...

7.4CVSS6.6AI score0.00506EPSS
CVE
CVEadded 2021/02/03 12:15 a.m.263 views

CVE-2020-35152

Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quo...

7.8CVSS6.2AI score0.00054EPSS
CVE
CVEadded 2022/06/28 6:15 p.m.71 views

CVE-2022-2145

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.

7.8CVSS6.6AI score0.00093EPSS
CVE
CVEadded 2022/06/23 9:15 p.m.65 views

CVE-2022-2147

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.

7.8CVSS7.4AI score0.001EPSS
CVE
CVEadded 2022/10/28 10:15 a.m.55 views

CVE-2022-3512

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.

8.8CVSS7.6AI score0.00018EPSS
CVE
CVEadded 2023/06/20 9:15 a.m.50 views

CVE-2023-1862

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining ...

7.3CVSS7.2AI score0.00318EPSS
CVE
CVEadded 2022/10/28 10:15 a.m.44 views

CVE-2022-3320

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoin...

9.8CVSS8.2AI score0.00007EPSS
CVE
CVEadded 2023/04/05 4:15 p.m.43 views

CVE-2023-1412

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both...

7.8CVSS7.3AI score0.00107EPSS
CVE
CVEadded 2023/01/11 5:15 p.m.41 views

CVE-2022-4457

Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's d...

5.5CVSS5.3AI score0.00039EPSS
CVE
CVEadded 2023/08/29 4:15 p.m.40 views

CVE-2023-0654

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app show...

3.9CVSS3.9AI score0.00048EPSS
CVE
CVEadded 2023/01/11 5:15 p.m.39 views

CVE-2022-4428

support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...

8.9CVSS8AI score0.00165EPSS
CVE
CVEadded 2023/04/06 10:15 a.m.35 views

CVE-2023-0652

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files.As Cl...

7.8CVSS7.2AI score0.0027EPSS
CVE
CVEadded 2023/08/29 3:15 p.m.25 views

CVE-2023-0238

Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the ...

5.5CVSS4.5AI score0.00019EPSS