Search criteria
6 vulnerabilities found for warp_mobile_client by cloudflare
CVE-2022-3337 (GCVE-0-2022-3337)
Vulnerability from nvd – Published: 2022-10-28 09:25 – Updated: 2025-05-06 17:41
VLAI?
Title
Lock WARP switch bypass by removing VPN profile on iOS mobile client
Summary
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature
being enabled on Zero Trust Platform. This led to bypassing policies
and restrictions enforced for enrolled devices by the Zero Trust
platform.
Severity ?
6.7 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | WARP |
Affected:
0 , < 6.15
(semver)
|
Credits
Josh (joshmotionfans)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T17:39:14.427525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T17:41:15.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "WARP",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "6.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\u003cbr\u003e"
}
],
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Josh (joshmotionfans)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eIt was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch\"\u003eLock WARP switch\u003c/a\u003e\u0026nbsp;feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T09:25:31.596Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to specified patched version.\u003cbr\u003e"
}
],
"value": "Upgrade to specified patched version.\n"
}
],
"source": {
"advisory": "GHSA-vr93-4vx7-332p",
"discovery": "EXTERNAL"
},
"title": "Lock WARP switch bypass by removing VPN profile on iOS mobile client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2022-3337",
"datePublished": "2022-10-28T09:25:31.596Z",
"dateReserved": "2022-09-27T10:25:13.653Z",
"dateUpdated": "2025-05-06T17:41:15.374Z",
"requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3322 (GCVE-0-2022-3322)
Vulnerability from nvd – Published: 2022-10-28 09:25 – Updated: 2025-05-05 20:15
VLAI?
Title
Lock WARP switch bypass on WARP mobile client using iOS quick action
Summary
Lock Warp switch is a feature of Zero Trust platform which, when
enabled, prevents users of enrolled devices from disabling WARP client.
Due to insufficient policy verification by WARP iOS client, this
feature could be bypassed by using the "Disable WARP" quick action.
Severity ?
6.7 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | WARP |
Affected:
0 , < 6.14
(semver)
|
Credits
Josh (joshmotionfans)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T20:15:36.247571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T20:15:49.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "WARP",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\u003cbr\u003e"
}
],
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Josh (joshmotionfans)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eLock Warp switch is a feature of Zero Trust platform which, when\n enabled, prevents users of enrolled devices from disabling WARP client.\n Due to insufficient policy verification by WARP iOS client, this \nfeature could be bypassed by using the \"Disable WARP\" quick action.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "Lock Warp switch is a feature of Zero Trust platform which, when\n enabled, prevents users of enrolled devices from disabling WARP client.\n Due to insufficient policy verification by WARP iOS client, this \nfeature could be bypassed by using the \"Disable WARP\" quick action.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T09:25:55.997Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the specified patched version.\u003cbr\u003e"
}
],
"value": "Upgrade to the specified patched version.\n"
}
],
"source": {
"advisory": "GHSA-76pg-rp9h-wmcj",
"discovery": "EXTERNAL"
},
"title": "Lock WARP switch bypass on WARP mobile client using iOS quick action",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2022-3322",
"datePublished": "2022-10-28T09:25:55.997Z",
"dateReserved": "2022-09-26T16:41:02.276Z",
"dateUpdated": "2025-05-05T20:15:49.618Z",
"requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3321 (GCVE-0-2022-3321)
Vulnerability from nvd – Published: 2022-10-28 09:24 – Updated: 2025-05-08 19:15
VLAI?
Title
Lock WARP switch feature bypass on WARP mobile client for iOS
Summary
It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.
Severity ?
6.7 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | WARP |
Affected:
0 , < 6.14
(semver)
|
Credits
Josh (joshmotionfans)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-4463-5p9m-3c78"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:15:19.020466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:29.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "WARP",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\u003cbr\u003e"
}
],
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Josh (joshmotionfans)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It was possible to bypass \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch\"\u003eLock WARP switch feature\u003c/a\u003e\u0026nbsp;on the WARP iOS mobile client by enabling both \"Disable for cellular networks\" and \"Disable for Wi-Fi networks\" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform."
}
],
"value": "It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0on the WARP iOS mobile client by enabling both \"Disable for cellular networks\" and \"Disable for Wi-Fi networks\" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T09:24:40.799Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-4463-5p9m-3c78"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to specified patched versions.\u003cbr\u003e"
}
],
"value": "Upgrade to specified patched versions.\n"
}
],
"source": {
"advisory": "GHSA-4463-5p9m-3c78",
"discovery": "EXTERNAL"
},
"title": "Lock WARP switch feature bypass on WARP mobile client for iOS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2022-3321",
"datePublished": "2022-10-28T09:24:40.799Z",
"dateReserved": "2022-09-26T16:41:00.464Z",
"dateUpdated": "2025-05-08T19:15:29.857Z",
"requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3322 (GCVE-0-2022-3322)
Vulnerability from cvelistv5 – Published: 2022-10-28 09:25 – Updated: 2025-05-05 20:15
VLAI?
Title
Lock WARP switch bypass on WARP mobile client using iOS quick action
Summary
Lock Warp switch is a feature of Zero Trust platform which, when
enabled, prevents users of enrolled devices from disabling WARP client.
Due to insufficient policy verification by WARP iOS client, this
feature could be bypassed by using the "Disable WARP" quick action.
Severity ?
6.7 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | WARP |
Affected:
0 , < 6.14
(semver)
|
Credits
Josh (joshmotionfans)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T20:15:36.247571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T20:15:49.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "WARP",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\u003cbr\u003e"
}
],
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Josh (joshmotionfans)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eLock Warp switch is a feature of Zero Trust platform which, when\n enabled, prevents users of enrolled devices from disabling WARP client.\n Due to insufficient policy verification by WARP iOS client, this \nfeature could be bypassed by using the \"Disable WARP\" quick action.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "Lock Warp switch is a feature of Zero Trust platform which, when\n enabled, prevents users of enrolled devices from disabling WARP client.\n Due to insufficient policy verification by WARP iOS client, this \nfeature could be bypassed by using the \"Disable WARP\" quick action.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T09:25:55.997Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the specified patched version.\u003cbr\u003e"
}
],
"value": "Upgrade to the specified patched version.\n"
}
],
"source": {
"advisory": "GHSA-76pg-rp9h-wmcj",
"discovery": "EXTERNAL"
},
"title": "Lock WARP switch bypass on WARP mobile client using iOS quick action",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2022-3322",
"datePublished": "2022-10-28T09:25:55.997Z",
"dateReserved": "2022-09-26T16:41:02.276Z",
"dateUpdated": "2025-05-05T20:15:49.618Z",
"requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3337 (GCVE-0-2022-3337)
Vulnerability from cvelistv5 – Published: 2022-10-28 09:25 – Updated: 2025-05-06 17:41
VLAI?
Title
Lock WARP switch bypass by removing VPN profile on iOS mobile client
Summary
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature
being enabled on Zero Trust Platform. This led to bypassing policies
and restrictions enforced for enrolled devices by the Zero Trust
platform.
Severity ?
6.7 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | WARP |
Affected:
0 , < 6.15
(semver)
|
Credits
Josh (joshmotionfans)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T17:39:14.427525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T17:41:15.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "WARP",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "6.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\u003cbr\u003e"
}
],
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Josh (joshmotionfans)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eIt was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch\"\u003eLock WARP switch\u003c/a\u003e\u0026nbsp;feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T09:25:31.596Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to specified patched version.\u003cbr\u003e"
}
],
"value": "Upgrade to specified patched version.\n"
}
],
"source": {
"advisory": "GHSA-vr93-4vx7-332p",
"discovery": "EXTERNAL"
},
"title": "Lock WARP switch bypass by removing VPN profile on iOS mobile client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2022-3337",
"datePublished": "2022-10-28T09:25:31.596Z",
"dateReserved": "2022-09-27T10:25:13.653Z",
"dateUpdated": "2025-05-06T17:41:15.374Z",
"requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3321 (GCVE-0-2022-3321)
Vulnerability from cvelistv5 – Published: 2022-10-28 09:24 – Updated: 2025-05-08 19:15
VLAI?
Title
Lock WARP switch feature bypass on WARP mobile client for iOS
Summary
It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.
Severity ?
6.7 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | WARP |
Affected:
0 , < 6.14
(semver)
|
Credits
Josh (joshmotionfans)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-4463-5p9m-3c78"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:15:19.020466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:29.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "WARP",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "6.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\u003cbr\u003e"
}
],
"value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Josh (joshmotionfans)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It was possible to bypass \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch\"\u003eLock WARP switch feature\u003c/a\u003e\u0026nbsp;on the WARP iOS mobile client by enabling both \"Disable for cellular networks\" and \"Disable for Wi-Fi networks\" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform."
}
],
"value": "It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0on the WARP iOS mobile client by enabling both \"Disable for cellular networks\" and \"Disable for Wi-Fi networks\" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T09:24:40.799Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-4463-5p9m-3c78"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to specified patched versions.\u003cbr\u003e"
}
],
"value": "Upgrade to specified patched versions.\n"
}
],
"source": {
"advisory": "GHSA-4463-5p9m-3c78",
"discovery": "EXTERNAL"
},
"title": "Lock WARP switch feature bypass on WARP mobile client for iOS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2022-3321",
"datePublished": "2022-10-28T09:24:40.799Z",
"dateReserved": "2022-09-26T16:41:00.464Z",
"dateUpdated": "2025-05-08T19:15:29.857Z",
"requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}