CVE-2022-2147
Medium
Published: 23 June 2022
Published
23 June 2022
Modified
21 November 2024
KEV Added
—
Patch
—
CVSS Score v3.1
6.5
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.0010
27.3th percentile
Risk Priority
13
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2022-2147 is a medium-severity Unquoted Search Path or Element (CWE-428) vulnerability in Cloudflare Warp. Its CVSS base score is 6.5 (Medium).
Operationally, ranked at the 27.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34432
Vulnerability details
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
cloudflare
warp
2022.2.95.0 — 2022.3.186.0
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.