CVE-2020-35152
MEDIUMCloudflare WARP for Windows <1.2.2695.1 - Privilege Escalation
Title source: llmDescription
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://github.com/cloudflare/advisories/security/advisories/GHSA-qc57-v5q8-f22h
Scores
CVSS v3
4.5
EPSS
0.0027
EPSS Percentile
18.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-428
Status
published
Products (1)
cloudflare/warp
< 1.2.2695.1
Published
Feb 03, 2021
Tracked Since
Feb 18, 2026