CVE-2022-3337
Lock WARP switch bypass by removing VPN profile on iOS mobile client

It was possible for a user to delete a VPN profile from the WARP mobile client on the iOS platform despite the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) being enabled on the Zero Trust platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.
We have discovered 180 live websites that are affected by CVE-2022-3337.
Affected Software
| | |
|---|---|
| Product | Warp |
| Category | Web Servers |
| Vulnerable Versions | |
| Total Vulnerable Versions | 38 |
| Vulnerable Domains | 180 live websites (100.00% of Warp install base) |
Common Weakness Enumeration
CWE-862 Missing Authorization
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-3337 and the relative popularity of websites