Insufficient Validation on Override Codes for Always-Enabled WARP Mode
CVE-2023-3747

5.5MEDIUM

Key Information:

Vendor: Cloudflare
Status: Warp Client
Vendor: CVE Published:; 7 September 2023

What is CVE-2023-3747?

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WARP Client Android 0 < 6.29

References

https://play.google.com/store/apps/details?id=com.cloudfl...

release-notes

https://developers.cloudflare.com/cloudflare-one/connecti...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2023
Vulnerability Reserved
Jul 18, 2023

JSON

Cloudflare

What is CVE-2023-3747?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.