CVE-2022-3322: Lock WARP switch bypass on WARP mobile client using iOS quick action
First published: Fri Oct 28 2022(Updated: )
Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.
Credit: cna@cloudflare.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudflare Warp Mobile Client | <6.14 |
Remedy
Upgrade to the specified patched version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-3322?
CVE-2022-3322 is a vulnerability in the Cloudflare Warp Mobile Client that allows users to bypass the Lock Warp switch feature in the Zero Trust platform.
What is the severity of CVE-2022-3322?
CVE-2022-3322 has a severity rating of 7.5 (high).
How does CVE-2022-3322 work?
CVE-2022-3322 works by exploiting insufficient policy verification in the WARP iOS client, allowing users to bypass the 'Disable WARP' quick action.
Which software versions are affected by CVE-2022-3322?
CVE-2022-3322 affects Cloudflare Warp Mobile Client versions up to and excluding 6.14.
Is there a fix for CVE-2022-3322?
It is recommended to update to a version of Cloudflare Warp Mobile Client that is later than 6.14 to fix CVE-2022-3322.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/title
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/cloudflare
- canonical/cloudflare warp mobile client