CVE-2022-3512

Summary

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.

Affected Software

VendorProductVersion RangeStatus
CloudflareWARP0 < 2022.8.857affected
CloudflareWARP0 < 2022.8.936affected
CloudflareWARP0 < 2022.8.861affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References