CVE-2022-3322

Published: Oct 28, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

Affected (1)

Products: Cloudflare: Warp Mobile Client

1 product

Warp Mobile Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cloudflare Warp Mobile Client	Before 6.14

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj

Source: cna@cloudflare.com

Third Party Advisory

https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.