CVE-2022-3322

EPSS 0.02%
Veröffentlicht 28.10.2022 10:15:17
Zuletzt bearbeitet 21.11.2024 07:19:17
Quelle cna@cloudflare.com
CVE-Watchlists
Login
Unerledigt
Login

Lock Warp switch is a feature of Zero Trust platform which, when
 enabled, prevents users of enrolled devices from disabling WARP client.
 Due to insufficient policy verification by WARP iOS client, this 
feature could be bypassed by using the "Disable WARP" quick action.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudflare ≫ Warp Mobile Client SwPlatformiphone_os Version < 6.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.029

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cna@cloudflare.com	6.7	1.5	4.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3322

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3322

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3322

EUVD