CVE-2022-3321 - OpenCVE

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cloudflare	Warp Mobile Client

Configuration 1 [-]

cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*

References

Link	Resource
https://github.com/cloudflare/advisories/security/advisories/GHSA-4463-5p9m-3c78	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cloudflare

Published: 2022-10-28T09:24:40.799Z

Updated:

Reserved: 2022-09-26T16:41:00.464Z

Link: CVE-2022-3321

JSON object: View

NVD Information

Status : Modified

Published: 2022-10-28T10:15:16.683

Modified: 2023-11-07T03:51:06.493

Link: CVE-2022-3321

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-3321", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82", "dateReserved": "2022-09-26T16:41:00.464Z", "datePublished": "2022-10-28T09:24:40.799Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["iOS"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "6.14", "status": "affected", "version": "0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)<br>"}], "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josh (joshmotionfans)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "It was possible to bypass <a target=\"_blank\" rel=\"nofollow\" href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch\">Lock WARP switch feature</a> on the WARP iOS mobile client by enabling both \"Disable for cellular networks\" and \"Disable for Wi-Fi networks\" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform."}], "value": "It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0on the WARP iOS mobile client by enabling both \"Disable for cellular networks\" and \"Disable for Wi-Fi networks\" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}, {"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2022-10-28T09:24:40.799Z"}, "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-4463-5p9m-3c78"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to specified patched versions.<br>"}], "value": "Upgrade to specified patched versions.\n"}], "source": {"advisory": "GHSA-4463-5p9m-3c78", "discovery": "EXTERNAL"}, "title": "Lock WARP switch feature bypass on WARP mobile client for iOS", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "1150BB9C-25CC-4DD9-9CEB-C5B30AA39D1C", "versionEndExcluding": "6.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0on the WARP iOS mobile client by enabling both \"Disable for cellular networks\" and \"Disable for Wi-Fi networks\" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform."}, {"lang": "es", "value": "Fue posible omitir la funci\u00f3n de interruptor Lock WARP https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch en el cliente m\u00f3vil WARP iOS habilitando ambos Los cambios \"\"Disable for cellular networks\"\" y \"\"Disable for Wi-Fi networks\"\" a la vez en la configuraci\u00f3n de la aplicaci\u00f3n. Dicha configuraci\u00f3n provoc\u00f3 que el cliente WARP se desconectara y permiti\u00f3 al usuario eludir las restricciones y pol\u00edticas impuestas por la plataforma Zero Trust."}], "id": "CVE-2022-3321", "lastModified": "2023-11-07T03:51:06.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.7, "source": "cna@cloudflare.com", "type": "Secondary"}]}, "published": "2022-10-28T10:15:16.683", "references": [{"source": "cna@cloudflare.com", "tags": ["Third Party Advisory"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-4463-5p9m-3c78"}], "sourceIdentifier": "cna@cloudflare.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@cloudflare.com", "type": "Secondary"}]}