Lucene search

[email protected]CVE-2022-3322

HistoryOct 28, 2022 - 10:15 a.m.

CVE-2022-3322

2022-10-2810:15:17

CWE-347

CWE-862

[email protected]

web.nvd.nist.gov

lock warp switch

zero trust platform

cve-2022-3322

warp client

bypass

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Lock Warp switch is a feature of Zero Trust platform which, when
enabled, prevents users of enrolled devices from disabling WARP client.
Due to insufficient policy verification by WARP iOS client, this
feature could be bypassed by using the “Disable WARP” quick action.

Affected configurations

NVD

Node

cloudflarewarp_mobile_clientRange<6.14iphone_os

CPENameOperatorVersion
cloudflare:warp_mobile_clientcloudflare warp mobile clientlt6.14

CPE	Name	Operator	Version
cloudflare:warp_mobile_client	cloudflare warp mobile client	lt	6.14

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "iOS"
    ],
    "product": "WARP",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "6.14",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Related for CVE-2022-3322

nvd1 prion1 hackerone1 cvelist1