Vulnerabilities > CVE-2022-2225 - Unspecified vulnerability in Cloudflare Warp

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

cloudflare

NVD

Published: 2022-07-26

Updated: 2022-08-01

Summary

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

Vulnerable Configurations

Part	Description	Count
Application	Cloudflare Cloudflare Warp * Cloudflare Warp 1.2.1386 Cloudflare Warp 1.2.1387 Cloudflare Warp 1.2.1441 Cloudflare Warp 1.2.1442 Cloudflare Warp 1.2.1444 Cloudflare Warp 1.2.1445 Cloudflare Warp 1.2.1467 Cloudflare Warp 1.2.1522 Cloudflare Warp 1.2.1523 Cloudflare Warp 1.2.1563 Cloudflare Warp 1.2.1564 Cloudflare Warp 1.2.1590 Cloudflare Warp 1.2.1591 Cloudflare Warp 1.2.1866 Cloudflare Warp 1.2.1924 Cloudflare Warp 1.2.1989 Cloudflare Warp 1.2.2240 Cloudflare Warp 1.2.2278 Cloudflare Warp 1.3.58 Cloudflare Warp 1.3.206 Cloudflare Warp 1.4.27 Cloudflare Warp 1.4.34 Cloudflare Warp 1.4.106 Cloudflare Warp 1.5.148.0 Cloudflare Warp 1.5.207.0 Cloudflare Warp 1.5.294.0 Cloudflare Warp 1.5.463.0 Cloudflare Warp 1.6.27.0 Cloudflare Warp 2021.11.281.0 Cloudflare Warp 2021.12.1.0 Cloudflare Warp 2022.2.69.0 Cloudflare Warp 2022.2.248.0 Cloudflare Warp 2022.3.36.0 Cloudflare Warp 2022.3.187.0 Cloudflare Warp 2022.4.114.0 Cloudflare Warp - Cloudflare Warp 1.2.2544.0 Cloudflare Warp 1.2.2695.1 Cloudflare Warp 1.2.2834.0 Cloudflare Warp 1.2.2866.0 Cloudflare Warp 1.3.184.0 Cloudflare Warp 1.4.25.0 Cloudflare Warp 1.4.33.0 Cloudflare Warp 1.4.107.0 Cloudflare Warp 1.5.147.0 Cloudflare Warp 1.5.206.0 Cloudflare Warp 1.5.295.0 Cloudflare Warp 1.5.461.0 Cloudflare Warp 1.6.28.0 Cloudflare Warp 2021.11.155.0 Cloudflare Warp 2021.11.276.0 Cloudflare Warp 2021.12.2.0 Cloudflare Warp 2022.2.95.0 Cloudflare Warp 2022.2.247.0 Cloudflare Warp 2022.3.63.0 Cloudflare Warp 2022.3.186.0 Cloudflare Warp 2022.4.115.0 Cloudflare Warp 2022.5.226.0 Cloudflare Warp 2022.5.309.0	60

References

https://github.com/cloudflare/advisories/security/advisories/GHSA-cg88-vx48-976c