CVE-2022-2225 - OpenCVE

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cloudflare	Warp

Configuration 1 [-]

OR	cpe:2.3:a:cloudflare:warp::::::macos::*
	cpe:2.3:a:cloudflare:warp::::::windows::*
	cpe:2.3:a:cloudflare:warp::::::linux::*

References

Link	Resource
https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cloudflare

Published: 2022-07-26T11:35:10

Updated: 2022-07-26T11:35:10

Reserved: 2022-06-27T00:00:00

Link: CVE-2022-2225

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-26T12:15:08.203

Modified: 2022-08-01T16:30:16.207

Link: CVE-2022-2225

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "2022.5.341.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"platforms": ["Linux"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "2022.5.346", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"platforms": ["MacOS"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "2022.5.227.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "WARP client enrolled in the Zero Trust mode."}], "descriptions": [{"lang": "en", "value": "By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-26T11:35:10", "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c"}], "solutions": [{"lang": "en", "value": "Upgrade WARP Client to the non-vulnerable version."}], "source": {"discovery": "EXTERNAL"}, "title": "Zero Trust Secure Web Gateway policies bypass using WARP client subcommands ", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@cloudflare.com", "ID": "CVE-2022-2225", "STATE": "PUBLIC", "TITLE": "Zero Trust Secure Web Gateway policies bypass using WARP client subcommands "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WARP", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_value": "2022.5.341.0"}]}}, {"product_name": "WARP", "version": {"version_data": [{"platform": "Linux", "version_affected": "<", "version_value": "2022.5.346"}]}}, {"product_name": "WARP", "version": {"version_data": [{"platform": "MacOS", "version_affected": "<", "version_value": "2022.5.227.0"}]}}]}, "vendor_name": "Cloudflare"}]}}, "configuration": [{"lang": "en", "value": "WARP client enrolled in the Zero Trust mode."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c", "refsource": "MISC", "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c"}]}, "solution": [{"lang": "en", "value": "Upgrade WARP Client to the non-vulnerable version."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "assignerShortName": "cloudflare", "cveId": "CVE-2022-2225", "datePublished": "2022-07-26T11:35:10", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2022-07-26T11:35:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:macos:*:*", "matchCriteriaId": "BCB4C0A7-AAC5-413E-8263-E86CF6AA5A93", "versionEndExcluding": "2022.5.227.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5BBAFA8D-0163-423D-9B00-CB329AF44B10", "versionEndExcluding": "2022.5.341.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3C0F6F26-5CB2-4B41-8361-810C506D0AA4", "versionEndExcluding": "2022.5.346", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'."}, {"lang": "es", "value": "Mediante el uso de los subcomandos de warp-cli (disable-ethernet, disable-wifi), era posible a un usuario no privilegiado de administrador omitir las pol\u00edticas de seguridad configuradas de Zero Trust (por ejemplo, las pol\u00edticas de Secure Web Gateway) y funciones como \"Lock WARP switch\"."}], "id": "CVE-2022-2225", "lastModified": "2022-08-01T16:30:16.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "cna@cloudflare.com", "type": "Secondary"}]}, "published": "2022-07-26T12:15:08.203", "references": [{"source": "cna@cloudflare.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c"}], "sourceIdentifier": "cna@cloudflare.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "cna@cloudflare.com", "type": "Secondary"}]}