CVE-2022-2145

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq", "name": "https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-59"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-2145", "ASSIGNER": "cna@cloudflare.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2022-06-28T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2022.5.309.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-07-08T13:37Z"}