Plattform
go
Komponente
github.com/cloudflare/cloudflared
Behoben in
2020.8.1
0.0.0-20200820025921-9323844ea773
CVE-2020-24356 describes a Privilege Escalation vulnerability discovered in cloudflared versions before 0.0.0-20200820025921-9323844ea773 on Windows. This flaw allows an unprivileged user to potentially gain elevated system privileges by exploiting a misconfiguration in how cloudflared reads its configuration files. The vulnerability is resolved in version 0.0.0-20200820025921-9323844ea773.
An attacker can exploit this vulnerability by manipulating the configuration file path used by cloudflared. Specifically, if an administrator has configured cloudflared to read configuration files from a directory without proper access controls (like C:\etc\), an unprivileged user can create or modify a configuration file to execute arbitrary system commands. This effectively allows the attacker to bypass standard privilege restrictions and gain control over the system. The blast radius extends to any system running a vulnerable version of cloudflared with the misconfiguration in place, potentially allowing for complete system compromise.
This CVE was published on 2021-05-24. There is no indication of active exploitation or inclusion in the CISA KEV catalog at the time of writing. Public proof-of-concept (PoC) code is not widely available, but the vulnerability's nature suggests it could be exploited relatively easily if a suitable configuration is found. The vulnerability's impact is significant due to the potential for privilege escalation.
Organizations using cloudflared for tunneling or other network services on Windows systems are at risk, particularly those with misconfigured deployment practices. Shared hosting environments where users have limited control over system configuration are also vulnerable. Legacy deployments that haven't been regularly updated are especially susceptible.
• windows / supply-chain:
Get-Service cloudflared | Select-Object Status• windows / supply-chain:
Get-Acl -Path "C:\etc\" | Format-List• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*cloudflared*'}patch
disclosure
Exploit-Status
EPSS
0.03% (10% Perzentil)
CVSS-Vektor
The primary mitigation for CVE-2020-24356 is to upgrade cloudflared to version 0.0.0-20200820025921-9323844ea773 or later. If an immediate upgrade is not feasible, restrict access to the configuration directory used by cloudflared to only authorized administrators. Implement strict access control lists (ACLs) to prevent unprivileged users from modifying configuration files. Consider using a WAF or proxy to inspect and filter configuration file requests, although this is less effective than proper access controls. After upgrading, confirm the fix by verifying that the configuration file path is properly secured and that unprivileged users cannot modify it.
Aktualisieren Sie cloudflared auf Version 2020.8.1 oder höher. Dies behebt die lokale Privilegieeskaltionsschwachstelle in Windows-Systemen.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2020-24356 is a vulnerability in cloudflared versions before 0.0.0-20200820025921-9323844ea773 on Windows that allows unprivileged users to escalate privileges and execute system commands due to a misconfigured configuration file.
You are affected if you are running cloudflared on Windows versions prior to 0.0.0-20200820025921-9323844ea773 and have misconfigured the configuration file directory (C:\etc\).
Upgrade cloudflared to version 0.0.0-20200820025921-9323844ea773 or later. Restrict access to the C:\etc\ directory to authorized administrators.
No active exploitation campaigns have been publicly reported, but the vulnerability's potential impact warrants attention.
Refer to the cloudflared release notes and GitHub repository for details: https://github.com/cloudflare/cloudflared/releases/tag/v2020.8.1
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine go.mod-Datei hoch und wir sagen dir sofort, ob du betroffen bist.