cvelist / Cloudflare / CVELIST:CVE-2022-3322
Oct 28, 2022 - 9:25 a.m.

CVE-2022-3322 Lock WARP switch bypass on WARP mobile client using iOS quick action

2022-10-28 09:25:55
CWE-862
cloudflare
www.cve.org
cve-2022-3322
lock warp switch
bypass
warp mobile client
ios quick action
zero trust platform
insufficient policy verification

CVSS3: 6.7 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

AI Score: 7.5 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 26.3%)

Lock WARP switch is a feature of the Zero Trust platform which, when
enabled, prevents users of enrolled devices from disabling the WARP client.
Due to insufficient policy verification by the WARP iOS client, this
feature could be bypassed by using the “Disable WARP” quick action.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "iOS"
    ],
    "product": "WARP",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "6.14",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
