CVE-2022-3322 — MEDIUM (6.7)

Q: How severe is CVE-2022-3322?

CVE-2022-3322 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-3322?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Warp Mobile Client.

Vulnerability Description

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Cloudflare	Warp Mobile Client	< 6.14

Related Weaknesses (CWE)

CWE-347 CWE-862

References

https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcjThird Party Advisory
https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcjThird Party Advisory

FAQ

What is CVE-2022-3322?

CVE-2022-3322 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, t...

How severe is CVE-2022-3322?

CVE-2022-3322 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3322?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Warp Mobile Client.