CVE-2022-4428

{"id": "CVE-2022-4428", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@cloudflare.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2023-01-11T17:15:09.383", "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-h3j3-fhqg-66rh", "tags": ["Product", "Third Party Advisory"], "source": "cna@cloudflare.com"}, {"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-h3j3-fhqg-66rh", "tags": ["Product", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@cloudflare.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the \"Send feedback\" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients).\n"}, {"lang": "es", "value": "El par\u00e1metro support_uri en el archivo de configuraci\u00f3n local del cliente WARP (mdm.xml) carec\u00eda de la validaci\u00f3n adecuada, lo que permit\u00eda escalar privilegios y lanzar un ejecutable arbitrario en la m\u00e1quina local al hacer clic en la opci\u00f3n \"Enviar comentarios\". Un atacante con acceso al sistema de archivos local podr\u00eda usar un archivo de configuraci\u00f3n XML manipulado que apunte a un archivo malicioso o establecer una ruta local al ejecutable usando Cloudflare Zero Trust Dashboard (para clientes inscritos en Zero Trust)."}], "lastModified": "2024-11-21T07:35:14.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "1D88EEFC-CC34-4519-AC8A-7A46F6C8ADF1", "versionEndIncluding": "2022.10.106.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@cloudflare.com"}