7.4

CVE-2023-2754

EPSS 0.74%
Published 03.08.2023 15:15:23
Last modified 21.11.2024 07:59:13
Source cna@cloudflare.com
CVE-Watchlists
Login
Open
Login

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cloudflare ≫ Warp SwPlatformwindows Version < 2023.7.160.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.74%	0.721

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	1.6	5.2	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cna@cloudflare.com	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release

Release Notes

https://developers.cloudflare.com/warp-client/

Product

https://github.com/cloudflare/advisories/security/advisories/GHSA-mv6g-7577-vq4w

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2754

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2754

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2754

EUVD