Lock WARP switch bypass on WARP mobile client using iOS quick action
CVE-2022-3322

6.7MEDIUM

Key Information:

Vendor: Cloudflare
Status: Warp
Vendor: CVE Published:; 28 October 2022

What is CVE-2022-3322?

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

Affected Version(s)

WARP iOS 0 < 6.14

References

https://github.com/cloudflare/advisories/security/advisor...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2022
Vulnerability Reserved
Sep 26, 2022

Credit

Josh (joshmotionfans)