Cloudflare WARP Client for Windows Improper Access Control Vulnerability Allowing Privilege Escalation

Vulnerability

An improper access control vulnerability has been identified in the Cloudflare WARP Client for Windows, in versions through 2022.12.582.0. An unprivileged user can exploit it to perform actions with SYSTEM privileges. The issue arises in the MSI installer placed under C:\Windows\Installer after WARP is installed. By leveraging opportunistic locks and symbolic links, both of which can be created by non-admin users, the vulnerability allows for the deletion and reading of arbitrary files, potentially leading to manipulation of system files and unauthorized privilege escalation.

Impact

Exploitation of this vulnerability allows an unprivileged user to execute privileged operations with SYSTEM context, such as deleting or reading arbitrary files. This could be used to manipulate critical system files or escalate privileges.

Remediation

Users are advised to upgrade to Cloudflare WARP Client version 2023.3.381.0 or later. After updating, any older installers should be deleted from the system.

Added: Mar 11, 2026, 7:13 PM
Updated: Mar 11, 2026, 7:13 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 2.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.