CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3747 – Insufficient Validation on Override Codes for Always-Enabled WARP Mode
https://notcve.org/view.php?id=CVE-2023-3747
07 Sep 2023 — Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running. Los Administradores de Zero Trust ... • https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#retrieve-the-override-code • CWE-565: Reliance on Cookies without Validation and Integrity Checking CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0654 – Spoofing User's Activity Loads in WARP Mobile Client (Android)
https://notcve.org/view.php?id=CVE-2023-0654
29 Aug 2023 — Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app. • https://developers.cloudflare.com/warp-client • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0238 – Injecting Activity Loads in WARP Mobile Client
https://notcve.org/view.php?id=CVE-2023-0238
29 Aug 2023 — Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. • https://developers.cloudflare.com/warp-client • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2754 – Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client
https://notcve.org/view.php?id=CVE-2023-2754
03 Aug 2023 — The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. • https://developers.cloudflare.com/warp-client • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1862 – Remote access to warp-svc.exe in Cloudflare WARP
https://notcve.org/view.php?id=CVE-2023-1862
20 Jun 2023 — Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've be... • https://developers.cloudflare.com/warp-client/get-started/windows • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0652 – Local Privilege Escalation in Cloudflare WARP Installer (Windows)
https://notcve.org/view.php?id=CVE-2023-0652
06 Apr 2023 — Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrit... • https://developers.cloudflare.com/warp-client/get-started/windows • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1412 – Local Privilege Escalation Vulnerability in WARP's MSI Installer
https://notcve.org/view.php?id=CVE-2023-1412
05 Apr 2023 — An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of t... • https://developers.cloudflare.com/warp-client/get-started/windows • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4428 – support_uri validation missing in WARP client for Windows
https://notcve.org/view.php?id=CVE-2022-4428
11 Jan 2023 — support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients). • https://github.com/cloudflare/advisories/security/advisories/GHSA-h3j3-fhqg-66rh • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4457 – WARP client manifest misconfiguration leading to Task Hijacking
https://notcve.org/view.php?id=CVE-2022-4457
11 Jan 2023 — Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device. • https://github.com/cloudflare/advisories/security/advisories/GHSA-35f7-fqrc-4hhj • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3320 – Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command
https://notcve.org/view.php?id=CVE-2022-3320
28 Oct 2022 — It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. Era posible omitir las políticas configuradas para Zero Trust Secure Web Gateway mediante el subcomando warp-cli 'set-custom-endpoint'. El uso de este comando con un punto final inalcanzable provocó que el clie... • https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf • CWE-862: Missing Authorization •