CVE-2022-2225 - Vulnerability Details - OpenCVE

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Key SSVC decision points have not yet been added.

Vendors	Products
Cloudflare	Warp

Configuration 1 [-]

OR	cpe:2.3:a:cloudflare:warp::::::macos::*
	cpe:2.3:a:cloudflare:warp::::::windows::*
	cpe:2.3:a:cloudflare:warp::::::linux::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-34505	By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

Fixes

Solution

Upgrade WARP Client to the non-vulnerable version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c

History

No history.

MITRE

Status: PUBLISHED

Assigner: cloudflare

Published: 2022-07-26T11:35:10

Updated: 2024-08-03T00:32:09.058Z

Reserved: 2022-06-27T00:00:00

Link: CVE-2022-2225

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-26T12:15:08.203

Modified: 2024-11-21T07:00:34.523

Link: CVE-2022-2225

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "2022.5.341.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"platforms": ["Linux"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "2022.5.346", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"platforms": ["MacOS"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "2022.5.227.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "WARP client enrolled in the Zero Trust mode."}], "descriptions": [{"lang": "en", "value": "By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-26T11:35:10", "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c"}], "solutions": [{"lang": "en", "value": "Upgrade WARP Client to the non-vulnerable version."}], "source": {"discovery": "EXTERNAL"}, "title": "Zero Trust Secure Web Gateway policies bypass using WARP client subcommands ", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@cloudflare.com", "ID": "CVE-2022-2225", "STATE": "PUBLIC", "TITLE": "Zero Trust Secure Web Gateway policies bypass using WARP client subcommands "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WARP", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_value": "2022.5.341.0"}]}}, {"product_name": "WARP", "version": {"version_data": [{"platform": "Linux", "version_affected": "<", "version_value": "2022.5.346"}]}}, {"product_name": "WARP", "version": {"version_data": [{"platform": "MacOS", "version_affected": "<", "version_value": "2022.5.227.0"}]}}]}, "vendor_name": "Cloudflare"}]}}, "configuration": [{"lang": "en", "value": "WARP client enrolled in the Zero Trust mode."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c", "refsource": "MISC", "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c"}]}, "solution": [{"lang": "en", "value": "Upgrade WARP Client to the non-vulnerable version."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:32:09.058Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c"}]}]}, "cveMetadata": {"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "assignerShortName": "cloudflare", "cveId": "CVE-2022-2225", "datePublished": "2022-07-26T11:35:10", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T00:32:09.058Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:macos:*:*", "matchCriteriaId": "BCB4C0A7-AAC5-413E-8263-E86CF6AA5A93", "versionEndExcluding": "2022.5.227.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5BBAFA8D-0163-423D-9B00-CB329AF44B10", "versionEndExcluding": "2022.5.341.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3C0F6F26-5CB2-4B41-8361-810C506D0AA4", "versionEndExcluding": "2022.5.346", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'."}, {"lang": "es", "value": "Mediante el uso de los subcomandos de warp-cli (disable-ethernet, disable-wifi), era posible a un usuario no privilegiado de administrador omitir las pol\u00edticas de seguridad configuradas de Zero Trust (por ejemplo, las pol\u00edticas de Secure Web Gateway) y funciones como \"Lock WARP switch\"."}], "id": "CVE-2022-2225", "lastModified": "2024-11-21T07:00:34.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "cna@cloudflare.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-26T12:15:08.203", "references": [{"source": "cna@cloudflare.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c"}], "sourceIdentifier": "cna@cloudflare.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cna@cloudflare.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}