CVE-2022-3337 - OpenCVE

It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cloudflare	Warp Mobile Client

Configuration 1 [-]

cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*

References

Link	Resource
https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cloudflare

Published: 2022-10-28T09:25:31.596Z

Updated:

Reserved: 2022-09-27T10:25:13.653Z

Link: CVE-2022-3337

JSON object: View

NVD Information

Status : Modified

Published: 2022-10-28T10:15:17.563

Modified: 2023-11-07T03:51:08.437

Link: CVE-2022-3337

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-3337", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82", "dateReserved": "2022-09-27T10:25:13.653Z", "datePublished": "2022-10-28T09:25:31.596Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["iOS"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "6.15", "status": "affected", "version": "0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)<br>"}], "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josh (joshmotionfans)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><p>It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the <a target=\"_blank\" rel=\"nofollow\" href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch\">Lock WARP switch</a> feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.</p></div>"}], "value": "It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}, {"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2022-10-28T09:25:31.596Z"}, "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to specified patched version.<br>"}], "value": "Upgrade to specified patched version.\n"}], "source": {"advisory": "GHSA-vr93-4vx7-332p", "discovery": "EXTERNAL"}, "title": "Lock WARP switch bypass by removing VPN profile on iOS mobile client", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "AFA71DEA-72C1-471B-9F1D-CB58C8F7FBD9", "versionEndExcluding": "6.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.\n\n\n\n"}, {"lang": "es", "value": "Un usuario pod\u00eda eliminar un perfil VPN del cliente m\u00f3vil WARP en la plataforma iOS a pesar del interruptor Lock WARP https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/# La funci\u00f3n lock-warp-switch est\u00e1 habilitada en Zero Trust Platform. Esto llev\u00f3 a eludir las pol\u00edticas y restricciones impuestas a los dispositivos inscritos por la plataforma Zero Trust."}], "id": "CVE-2022-3337", "lastModified": "2023-11-07T03:51:08.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.7, "source": "cna@cloudflare.com", "type": "Secondary"}]}, "published": "2022-10-28T10:15:17.563", "references": [{"source": "cna@cloudflare.com", "tags": ["Third Party Advisory"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"}], "sourceIdentifier": "cna@cloudflare.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}, {"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@cloudflare.com", "type": "Secondary"}]}