CVE-2023-2754

CVSS V2 None CVSS V3 None

Description

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.

Overview

CVE ID
CVE-2023-2754

Assigner
cloudflare

Vulnerability Status
PUBLISHED

Published Version
2023-08-03T13:53:00.634Z

Last Modified Date
2023-08-03T13:53:00.634Z

Weakness Enumerations

CWE	URL
CWE-319	http://cwe.mitre.org/data/definitions/319.html

References

Reference URL	Reference Tags
https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release	release-notes
https://github.com/cloudflare/advisories/security/advisories/GHSA-mv6g-7577-vq4w	vendor-advisory
https://developers.cloudflare.com/warp-client/	product

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-2754
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2754

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 21:46:26				Added to TrackCVE