History: Oct 28, 2022 - 9:24 a.m.

CVE-2022-3321 Lock WARP switch feature bypass on WARP mobile client for iOS

2022-10-28 09:24:40
CWE-862
cloudflare
www.cve.org
1
cve-2022-3321; lock warp; ios client; bypass; zero trust; configuration; restrictions.

CVSS3: 6.7 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

AI Score: 8.1 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 29.7%)

It was possible to bypass the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) on the WARP iOS mobile client by enabling both the "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such a configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "iOS"
    ],
    "product": "WARP",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "6.14",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
