CVE-2022-3321
Lock WARP switch feature bypass on WARP mobile client for iOS
It was possible to bypass the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) on the WARP iOS mobile client by enabling both the "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. This configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.
We have discovered 180 live websites that are affected by CVE-2022-3321.
Affected Software
| | |
|---|---|
| Product | Warp |
| Category | Web Servers |
| Vulnerable Versions | |
| Total Vulnerable Versions | 38 |
| Vulnerable Domains | 180 live websites (100.00% of Warp install base) |
Common Weakness Enumeration
CWE-862 Missing Authorization
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-3321 and the relative popularity of websites.