CVE-2022-3322

EPSS 0.09%
Veröffentlicht 28.10.2022 10:15:17
Zuletzt bearbeitet 21.11.2024 07:19:17
Quelle cna@cloudflare.com
CVE-Watchlists
Login
Unerledigt
Login

Lock WARP switch bypass on WARP mobile client using iOS quick action

Lock Warp switch is a feature of Zero Trust platform which, when
 enabled, prevents users of enrolled devices from disabling WARP client.
 Due to insufficient policy verification by WARP iOS client, this 
feature could be bypassed by using the "Disable WARP" quick action.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudflare ≫ Warp Mobile Client SwPlatformiphone_os Version < 6.14

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.245

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cna@cloudflare.com	6.7	1.5	4.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3322

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3322

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3322

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3322