CVE-2023-1314— Cloudflare cloudflared 后置链接漏洞

Local Privilege Escalation Vulnerability in cloudflared's Installer

A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory. An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer's repair functionality to delete the target file during the repair process. Exploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised. The cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

在文件访问前对链接解析不恰当(链接跟随)

Cloudflare cloudflared 后置链接漏洞

Cloudflare cloudflared是美国Cloudflare公司的一个云服务器安全管理平台。该平台可提供防火墙分析、缓存控制、基于角色访问等功能。 Cloudflare cloudflared (Windows 32-bit) 2023.3.0及之前版本存在安全漏洞，该漏洞源于 cloudflared 使用的 MSI 安装程序依赖于全局可写目录，攻击者利用该漏洞可以提升权限。

N/A

N/A