Cloudflare: >> Warp >> 2022.5.227.0 Security Vulnerabilities
Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-10-28
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-10-28