VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 5, 2023· Updated Feb 10, 2025

Local Privilege Escalation Vulnerability in WARP's MSI Installer

CVE-2023-1412

Description

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user).

After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI.

ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation.

PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unprivileged user can exploit improper access control in Cloudflare WARP installer to gain SYSTEM privileges via oplocks and symlinks.

Vulnerability

The Cloudflare WARP Client for Windows versions up to and including 2022.12.582.0 contain an Improper Access Control vulnerability in the MSI installer placed at C:\Windows\Installer after installation. An unprivileged user can exploit the MSI's repair function using opportunistic locks (oplock) and symbolic links to perform privileged operations. [2]

Exploitation

An attacker with a non-admin user account on the system can create opportunistic locks and symbolic links. By triggering the MSI repair function, the attacker can redirect file operations to arbitrary system files, leveraging the SYSTEM context of the installer process. [2]

Impact

Successful exploitation allows the attacker to delete arbitrary files and read arbitrary file content with SYSTEM privileges, leading to privilege escalation and potential system compromise. [2]

Mitigation

Cloudflare released a fixed installer in version 2023.3.381.0. Users should upgrade to the latest version and delete any older installers present in C:\Windows\Installer. [1][2]

References
  1. Windows desktop client · Cloudflare WARP client docs
  2. Local Privilege Escalation Vulnerability in WARP's MSI Installer

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.