GSD-2023-1862
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-1862",
"id": "GSD-2023-1862"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-1862"
],
"details": "Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe\u00a0binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target\u0027s device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target\u0027s device must\u0027ve been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target\u0027s credentials.\n\n",
"id": "GSD-2023-1862",
"modified": "2023-12-13T01:20:41.835061Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"ID": "CVE-2023-1862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WARP Client",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected",
"versions": [
{
"changes": [
{
"at": "2023.3.381.0",
"status": "unaffected"
}
],
"lessThan": "2023.3.381.0",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe\u00a0binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target\u0027s device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target\u0027s device must\u0027ve been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target\u0027s credentials.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-284",
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developers.cloudflare.com/warp-client/get-started/windows/",
"refsource": "MISC",
"url": "https://developers.cloudflare.com/warp-client/get-started/windows/"
},
{
"name": "https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release",
"refsource": "MISC",
"url": "https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release"
},
{
"name": "https://github.com/cloudflare/advisories/security/advisories/GHSA-q55r-53c8-5642",
"refsource": "MISC",
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-q55r-53c8-5642"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "2023.3.381.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"ID": "CVE-2023-1862"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe\u00a0binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target\u0027s device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target\u0027s device must\u0027ve been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target\u0027s credentials.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developers.cloudflare.com/warp-client/get-started/windows/",
"refsource": "MISC",
"tags": [
"Product"
],
"url": "https://developers.cloudflare.com/warp-client/get-started/windows/"
},
{
"name": "https://github.com/cloudflare/advisories/security/advisories/GHSA-q55r-53c8-5642",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-q55r-53c8-5642"
},
{
"name": "https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
},
"lastModifiedDate": "2023-06-29T19:44Z",
"publishedDate": "2023-06-20T09:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…