CVE-2022-3512


Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.


We have discovered 180 live websites that are affected by CVE-2022-3512.

Contact us to get more info



Affected Software

Product  Warp
Category Web Servers
Vulnerable Versions
  • from 0 before 2022.8.857
Total Vulnerable Versions38
Vulnerable Domains180 live websites (100.00% of Warp install base)


Common Weakness Enumeration


CWE-862 Missing Authorization


Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-3512 and the relative popularity of websites


Details

  • Published - Oct 28, 2022
  • Updated - Oct 28, 2022

Credits

  • Josh (joshmotionfans) (finder)





Countries

United States79 websites


Germany50 websites
France11 websites
GB6 websites
Singapore5 websites
Sweden4 websites
Australia3 websites
2 websites
Canada2 websites
Switzerland2 websites

TLDs

.com67 websites
.de27 websites
.net18 websites
.org14 websites
.io9 websites
.se4 websites
.fr4 websites
.ch2 websites
.co.uk2 websites
.info2 websites

Vulnerable Versions

Vulnerable versions are highlighted in red


Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2022-3512 through included software libraries and plugins.



References


Websites affected by CVE-2022-3512

Top websites that are affected by CVE-2022-3512. Please click on the "Contact us" button above to get more information.
DomainCountryRankContacts
*********.coop United States***,***
*.****.com United States***,***
***.**********.com United States***,***
**********************.org GB***,***
**************.se Sweden*,***,***
***.*************.com Germany*,***,***
***.***********.com United States*,***,***
*********.org United States*,***,***
*******.de Germany*,***,***
****.*********.io France*,***,***
See full domain list