CVE-2022-3512

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
cloudflareCNA
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
cloudflarewarp
𝑥
< 2022.8.857.0
cloudflarewarp
𝑥
< 2022.8.861.0
cloudflarewarp
𝑥
< 2022.8.936
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf
https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf