exploitDog

CVE-2022-3322

Опубликовано: 28 окт. 2022

Источник: nvd

CVSS3: 6.7

CVSS3: 7.5

EPSS Низкий

Описание

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

Ссылки

https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj
Third Party Advisory
https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*

Версия до 6.14 (исключая)

EPSS

Процентиль: 21%

0.00068

Низкий

6.7 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-862

CWE-347

EPSS

Процентиль: 21%

0.00068

Низкий

6.7 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-862

CWE-347