CVE-2022-3512

EUVD-2022-42881
Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
cloudflareCNA
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
cloudflarewarp
𝑥
< 2022.8.857.0
cloudflarewarp
𝑥
< 2022.8.861.0
cloudflarewarp
𝑥
< 2022.8.936
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf
https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf