CVE-2022-2225

Summary

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

Affected Software

VendorProductVersion RangeStatus
CloudflareWARPunspecified < 2022.5.341.0affected
CloudflareWARPunspecified < 2022.5.346affected
CloudflareWARPunspecified < 2022.5.227.0affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References