Cloudflare: >> Warp >> 1.2.1386 Security Vulnerabilities
Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-10-28
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-10-28
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.
CVSS Score
8.1
EPSS Score
0.0
Published
2022-07-26