CVE-2022-3321

MEDIUM

Cloudflare WARP Mobile Client < 6.14 - Missing Authorization via Lock WARP Switch Bypass

Title source: llm
STIX 2.1

Description

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch  on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.

References (1)

Core 1

Scores

CVSS v3 6.7
EPSS 0.0037
EPSS Percentile 29.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
cloudflare/warp_mobile_client < 6.14
Published Oct 28, 2022
Tracked Since Feb 18, 2026