Vulnerability Details CVE-2022-3337
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature
being enabled on Zero Trust Platform. This led to bypassing policies
and restrictions enforced for enrolled devices by the Zero Trust
platform.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.6%
CVSS Severity
CVSS v3 Score 6.7
References
Products affected by CVE-2022-3337
-
cpe:2.3:a:cloudflare:warp_mobile_client:4.4
-
cpe:2.3:a:cloudflare:warp_mobile_client:4.5
-
cpe:2.3:a:cloudflare:warp_mobile_client:5.0
-
cpe:2.3:a:cloudflare:warp_mobile_client:5.1
-
cpe:2.3:a:cloudflare:warp_mobile_client:5.2
-
cpe:2.3:a:cloudflare:warp_mobile_client:5.3
-
cpe:2.3:a:cloudflare:warp_mobile_client:5.4
-
cpe:2.3:a:cloudflare:warp_mobile_client:5.5
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.0
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.1
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.10
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.11
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.12
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.13
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.14
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.2
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.3
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.4
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.5
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.6
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.7
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.8
-
cpe:2.3:a:cloudflare:warp_mobile_client:6.9