CVE-2022-2225
8.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
Summary
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloudflare | WARP | unspecified < 2022.5.341.0 | affected |
| Cloudflare | WARP | unspecified < 2022.5.346 | affected |
| Cloudflare | WARP | unspecified < 2022.5.227.0 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.