📦

warp_mobile_client

Vendor: cloudflare

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.10% Exploit Prob.

Latest CVE CVE-2022-3337 Oct 28

Security Vulnerability Index

Page 1 / 1

6.7 CVSS

CVE-2022-3337

It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.

EPSS: 0.10%

Severity: MEDIUM

Oct 28, 2022

6.7 CVSS

CVE-2022-3322

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

EPSS: 0.09%

Severity: MEDIUM

Oct 28, 2022

6.7 CVSS

CVE-2022-3321

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.

EPSS: 0.11%

Severity: MEDIUM

Oct 28, 2022

Displaying 3 of 3 Total Entries

Total 1 Sections