Lucene search

K
cve[email protected]CVE-2023-3747
HistorySep 07, 2023 - 1:15 p.m.

CVE-2023-3747

2023-09-0713:15:09
CWE-602
CWE-565
web.nvd.nist.gov
11
cve-2023-3747
warp
zero trust
administrators
override codes
disconnection
vulnerability
local access

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running.

Affected configurations

NVD
Node
cloudflarewarpMatch6.29android
CPENameOperatorVersion
cloudflare:warpcloudflare warpeq6.29

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Android"
    ],
    "product": "WARP Client",
    "vendor": "Cloudflare",
    "versions": [
      {
        "changes": [
          {
            "at": "6.29",
            "status": "unaffected"
          }
        ],
        "lessThan": "6.29",
        "status": "affected",
        "version": "0",
        "versionType": "release"
      }
    ]
  }
]

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

Related for CVE-2023-3747