CVE-2022-3322

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.5 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj	Third Party Advisory
https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*

History

21 Nov 2024, 07:19

Type	Values Removed	Values Added
References	~~() https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj - Third Party Advisory~~	() https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 6.7

31 Oct 2022, 17:10

Type	Values Removed	Values Added
CPE		cpe:2.3:a:cloudflare:warp_mobile_client::::::iphone_os::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-347
References	~~(MISC) https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj -~~	(MISC) https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj - Third Party Advisory

28 Oct 2022, 12:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-28 10:15

Updated : 2024-11-21 07:19

NVD link : CVE-2022-3322

Mitre link : CVE-2022-3322

CVE.ORG link : CVE-2022-3322

JSON object : View

Products Affected

cloudflare

warp_mobile_client

CWE

CWE-862

Missing Authorization

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2022-3322", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@cloudflare.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.7, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-10-28T10:15:17.277", "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj", "tags": ["Third Party Advisory"], "source": "cna@cloudflare.com"}, {"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@cloudflare.com", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "Lock Warp switch is a feature of Zero Trust platform which, when\n enabled, prevents users of enrolled devices from disabling WARP client.\n Due to insufficient policy verification by WARP iOS client, this \nfeature could be bypassed by using the \"Disable WARP\" quick action.\n\n\n\n"}, {"lang": "es", "value": "El interruptor Lock Warp es una caracter\u00edstica de la plataforma Zero Trust que, cuando est\u00e1 habilitada, evita que los usuarios de dispositivos registrados deshabiliten el cliente WARP. Debido a una verificaci\u00f3n insuficiente de la pol\u00edtica por parte del cliente WARP iOS, esta caracter\u00edstica podr\u00eda omitirse mediante la acci\u00f3n r\u00e1pida \"\"Desactivar WARP\"\"."}], "lastModified": "2024-11-21T07:19:17.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "1150BB9C-25CC-4DD9-9CEB-C5B30AA39D1C", "versionEndExcluding": "6.14"}], "operator": "OR"}]}], "sourceIdentifier": "cna@cloudflare.com"}