History: Oct 28, 2022 - 10:15 a.m.

CVE-2022-3321

2022-10-28 10:15:16
CWE-862
web.nvd.nist.gov
30
cve-2022-3321
security bypass
cloudflare
zero trust
mobile security

CVSS3: 8.2 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score: 7.8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 29.9%)

It was possible to bypass the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) on the WARP iOS mobile client by enabling both the "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such a configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.

Affected configurations

NVD
Node
cloudflare | warp_mobile_client | Range <6.14 | iphone_os

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "iOS"
    ],
    "product": "WARP",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "6.14",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
