Lucene search
HistoryOct 28, 2022 - 10:15 a.m.
CVE-2022-3512
cve-2022-3512
warp-cli
add-trusted-ssid
lock warp switch
zero trust policies
endpoint security
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
42.8%
Using warp-cli command “add-trusted-ssid”, a user was able to disconnect WARP client and bypass the “Lock WARP switch” feature resulting in Zero Trust policies not being enforced on an affected endpoint.
Affected configurations
Node
cloudflarewarpRange<2022.8.857.0windows
ORcloudflarewarpRange<2022.8.861.0macos
ORcloudflarewarpRange<2022.8.936linux_kernel
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WARP",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "2022.8.857",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "WARP",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "2022.8.936",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "WARP",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "2022.8.861",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Social References
More
Related
nvd
nvd
CVE-2022-3512
2022-10-28 10:15:17
hackerone
hackerone
alpinelinux
alpinelinux
CVE-2022-3512
2022-10-28 10:15:17
prion
prion
Design/Logic Flaw
2022-10-28 10:15:00
cvelist
cvelist
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
42.8%
Related for CVE-2022-3512