Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-3337
HistoryOct 28, 2022 - 10:15 a.m.

CVE-2022-3337

2022-10-2810:15:17
CWE-862
CWE-290
[email protected]
web.nvd.nist.gov
1
vpn profile
lock warp switch
ios platform
zero trust platform
bypassing policies

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

0.001 Low

EPSS

Percentile

31.4%

JSON

It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch Β feature
being enabled on Zero Trust Platform. This led to bypassing policies
and restrictions enforced for enrolled devices by the Zero Trust
platform.

Affected configurations

NVD
Node
cloudflarewarp_mobile_clientRange<6.15iphone_os

Related

hackerone 1
cvelist 1
prion 1
cve 1
hackerone
hackerone
Cloudflare Public Bug Bounty: Completely remove VPN profile from locked WARP iOS cient.
2022-07-11 09:19:51
cvelist
cvelist
CVE-2022-3337 Lock WARP switch bypass by removing VPN profile on iOS mobile client
2022-10-28 09:25:31
prion
prion
Information disclosure
2022-10-28 10:15:00
cve
cve
CVE-2022-3337
2022-10-28 10:15:17

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

0.001 Low

EPSS

Percentile

31.4%

JSON
Related for NVD:CVE-2022-3337
hackerone1cvelist1prion1cve1