CVE-2022-3337
Lock WARP switch bypass by removing VPN profile on iOS mobile client
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.
We have discovered 180 live websites that are affected by CVE-2022-3337.
Affected Software
| Product |  Warp |
| Category | Web Servers |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 38 |
| Vulnerable Domains | 180 live websites (100.00% of Warp install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-3337 and the relative popularity of websitesDetails
- Published - Oct 28, 2022
Credits
- Josh (joshmotionfans) (finder)
CWE
CVE References
CWE References
Countries
 United States | 79 websites |
 Germany | 50 websites |
 France | 11 websites |
 GB | 6 websites |
 Singapore | 5 websites |
 Sweden | 4 websites |
 Australia | 3 websites |
| 2 websites | |
 Canada | 2 websites |
 Switzerland | 2 websites |
TLDs
| .com | 67 websites |
| .de | 27 websites |
| .net | 18 websites |
| .org | 14 websites |
| .io | 9 websites |
| .se | 4 websites |
| .fr | 4 websites |
| .ch | 2 websites |
| .co.uk | 2 websites |
| .info | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2022-3337 through included software libraries and plugins.Websites affected by CVE-2022-3337
Top websites that are affected by CVE-2022-3337. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.coop | United States | ***,*** | |
| *.****.com | United States | ***,*** | |
| ***.**********.com | United States | ***,*** | |
| **********************.org | GB | ***,*** | |
| **************.se | Sweden | *,***,*** | |
| ***.*************.com | Germany | *,***,*** | |
| ***.***********.com | United States | *,***,*** | |
| *********.org | United States | *,***,*** | |
| *******.de | Germany | *,***,*** | |
| ****.*********.io | France | *,***,*** |