CVE-2022-3321

EPSS 0.02%
Published 28.10.2022 10:15:16
Last modified 21.11.2024 07:19:17
Source cna@cloudflare.com
CVE-Watchlists
Login
Open
Login

It was possible to bypass  Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch  on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cloudflare ≫ Warp Mobile Client SwPlatformiphone_os Version < 6.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.03

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
cna@cloudflare.com	6.7	1.5	4.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/cloudflare/advisories/security/advisories/GHSA-4463-5p9m-3c78

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3321

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3321

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3321

EUVD