CVE-2022-3322

{"id": "CVE-2022-3322", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@cloudflare.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.7, "exploitabilityScore": 1.5}]}, "published": "2022-10-28T10:15:17.277", "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj", "tags": ["Third Party Advisory"], "source": "cna@cloudflare.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}, {"type": "Secondary", "source": "cna@cloudflare.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Lock Warp switch is a feature of Zero Trust platform which, when\n enabled, prevents users of enrolled devices from disabling WARP client.\n Due to insufficient policy verification by WARP iOS client, this \nfeature could be bypassed by using the \"Disable WARP\" quick action.\n\n\n\n"}, {"lang": "es", "value": "El interruptor Lock Warp es una caracter\u00edstica de la plataforma Zero Trust que, cuando est\u00e1 habilitada, evita que los usuarios de dispositivos registrados deshabiliten el cliente WARP. Debido a una verificaci\u00f3n insuficiente de la pol\u00edtica por parte del cliente WARP iOS, esta caracter\u00edstica podr\u00eda omitirse mediante la acci\u00f3n r\u00e1pida \"\"Desactivar WARP\"\"."}], "lastModified": "2023-11-07T03:51:06.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "1150BB9C-25CC-4DD9-9CEB-C5B30AA39D1C", "versionEndExcluding": "6.14"}], "operator": "OR"}]}], "sourceIdentifier": "cna@cloudflare.com"}