CVE-2022-3320 — MEDIUM (6.7)

Q: How severe is CVE-2022-3320?

CVE-2022-3320 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-3320?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Warp.

Vulnerability Description

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Cloudflare	Warp	< 2022.8.857.0

Related Weaknesses (CWE)

CWE-862

References

https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xfThird Party Advisory
https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xfThird Party Advisory

FAQ

What is CVE-2022-3320?

CVE-2022-3320 is a vulnerability with a CVSS score of 6.7 (MEDIUM). It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Clie...

How severe is CVE-2022-3320?

CVE-2022-3320 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3320?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Warp.