Oct 28, 2022 - 9:22 a.m.

CVE-2022-3512 Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command

2022-10-28 09:22:08
CWE-862
cloudflare
www.cve.org
cve-2022-3512
lock warp switch
warp-cli
add-trusted-ssid
disconnect
zero trust policies

CVSS3: 6.7

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

AI Score: 9
Confidence: High

EPSS: 0.001
Percentile: 42.8%

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "WARP",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "2022.8.857",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "WARP",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "2022.8.936",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS"
    ],
    "product": "WARP",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "2022.8.861",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
