CVE-2020-24356

`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue.

CVSS v3 6.4 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.1 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2	Third Party Advisory
https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudflare:cloudflared:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:14

Type	Values Removed	Values Added
CVSS	v2 : ~~4.6~~ v3 : ~~7.8~~	v2 : 4.6 v3 : 6.4
References	~~() https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2 - Third Party Advisory~~	() https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2 - Third Party Advisory

Information

Published : 2020-10-02 15:15

Updated : 2024-11-21 05:14

NVD link : CVE-2020-24356

Mitre link : CVE-2020-24356

CVE.ORG link : CVE-2020-24356

JSON object : View

Products Affected

cloudflare

cloudflared

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2020-24356", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@cloudflare.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-10-02T15:15:12.483", "references": [{"url": "https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2", "tags": ["Third Party Advisory"], "source": "cna@cloudflare.com"}, {"url": "https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue."}, {"lang": "es", "value": "\"cloudflared\" versiones anteriores a 2020.8.1, contiene una vulnerabilidad de escalada de privilegios local en los sistemas Windows. Cuando se ejecuta en un sistema Windows, \"cloudflared\" busca archivos de configuraci\u00f3n que podr\u00edan ser abusados ??por una entidad maliciosa para ejecutar comandos como un usuario privilegiado. La versi\u00f3n 2020.8.1 corrige este problema"}], "lastModified": "2024-11-21T05:14:39.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:cloudflared:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FBA4059-5A07-40A9-A872-A0EA31E346ED", "versionEndExcluding": "2020.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "cna@cloudflare.com"}