CVE-2022-2225


Zero Trust Secure Web Gateway policies bypass using WARP client subcommands

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.


We have discovered 180 live websites that are affected by CVE-2022-2225.

Contact us to get more info



Affected Software

Product  Warp
Category Web Servers
Vulnerable Versions
  • from 0 before 2022.5.341
Total Vulnerable Versions38
Vulnerable Domains180 live websites (100.00% of Warp install base)


Common Weakness Enumeration


CWE-284 Improper Access Control


Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-2225 and the relative popularity of websites


Details

  • Published - Jul 26, 2022
  • Updated - Jul 26, 2022





Countries

United States79 websites


Germany50 websites
France11 websites
GB6 websites
Singapore5 websites
Sweden4 websites
Australia3 websites
2 websites
Canada2 websites
Switzerland2 websites

TLDs

.com67 websites
.de27 websites
.net18 websites
.org14 websites
.io9 websites
.se4 websites
.fr4 websites
.ch2 websites
.co.uk2 websites
.info2 websites

Vulnerable Versions

Vulnerable versions are highlighted in red


Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2022-2225 through included software libraries and plugins.



References


Websites affected by CVE-2022-2225

Top websites that are affected by CVE-2022-2225. Please click on the "Contact us" button above to get more information.
DomainCountryRankContacts
*********.coop United States***,***
*.****.com United States***,***
***.**********.com United States***,***
**********************.org GB***,***
**************.se Sweden*,***,***
***.*************.com Germany*,***,***
***.***********.com United States*,***,***
*********.org United States*,***,***
*******.de Germany*,***,***
****.*********.io France*,***,***
See full domain list