Plateforme
go
Composant
github.com/cloudflare/cloudflared
Corrigé dans
2020.8.1
0.0.0-20200820025921-9323844ea773
CVE-2020-24356 describes a Privilege Escalation vulnerability in cloudflared versions before 0.0.0-20200820025921-9323844ea773 running on Windows. This flaw allows a local, unprivileged user to escalate their privileges and execute system-level commands if the cloudflared service is misconfigured. The vulnerability stems from insecure access controls on the configuration file directory.
An attacker exploiting this vulnerability could gain complete control over the affected Windows system. By leveraging the misconfiguration, an unprivileged user can execute arbitrary commands with the privileges of the cloudflared service, typically SYSTEM. This could lead to data theft, malware installation, or complete system compromise. The attack requires local access to the system and knowledge of the misconfigured configuration file path (C:\etc\). This vulnerability is particularly concerning in environments where cloudflared is used for tunneling or other sensitive network operations.
This CVE was published on May 24, 2021. While no active exploitation campaigns have been publicly reported, the vulnerability's ease of exploitation and potential impact warrant attention. There are currently no known public proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog at the time of this writing.
Organizations using cloudflared for tunneling or other network services on Windows systems are at risk, particularly those with misconfigured deployment practices. Shared hosting environments where users have limited control over system configuration are also vulnerable. Legacy deployments that haven't been regularly updated are especially susceptible.
• windows / supply-chain:
Get-Service cloudflared | Select-Object Status• windows / supply-chain:
Get-Acl -Path "C:\etc\" | Format-List• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*cloudflared*'}patch
disclosure
Statut de l'Exploit
EPSS
0.03% (percentile 10%)
Vecteur CVSS
The primary mitigation is to upgrade cloudflared to version 0.0.0-20200820025921-9323844ea773 or later. If an immediate upgrade is not feasible, restrict access to the configuration directory (C:\etc\) to only authorized administrators. Implement strict access control lists (ACLs) to prevent unprivileged users from reading or writing to this directory. Consider using a more secure configuration directory location that is not accessible by default. After upgrading, verify the fix by attempting to execute a command as a non-administrator user and confirming that the attempt fails due to insufficient privileges.
Actualice cloudflared a la versión 2020.8.1 o posterior. Esto solucionará la vulnerabilidad de escalada de privilegios local en sistemas Windows.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2020-24356 is a vulnerability in cloudflared versions before 0.0.0-20200820025921-9323844ea773 on Windows that allows unprivileged users to escalate privileges and execute system commands due to a misconfigured configuration file.
You are affected if you are running cloudflared on Windows versions prior to 0.0.0-20200820025921-9323844ea773 and have misconfigured the configuration file directory (C:\etc\).
Upgrade cloudflared to version 0.0.0-20200820025921-9323844ea773 or later. Restrict access to the C:\etc\ directory to authorized administrators.
No active exploitation campaigns have been publicly reported, but the vulnerability's potential impact warrants attention.
Refer to the cloudflared release notes and GitHub repository for details: https://github.com/cloudflare/cloudflared/releases/tag/v2020.8.1
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier go.mod et nous te dirons instantanément si tu es affecté.