CVE-2022-3337 - Vulnerability Details - OpenCVE

It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cloudflare	Warp Mobile Client

Configuration 1 [-]

cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*

No data.

References

Link	Providers
https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p

History

Tue, 06 May 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cloudflare

Published: 2022-10-28T09:25:31.596Z

Updated: 2025-05-06T17:41:15.374Z

Reserved: 2022-09-27T10:25:13.653Z

Link: CVE-2022-3337

Vulnrichment

Updated: 2024-08-03T01:07:06.580Z

NVD

Status : Modified

Published: 2022-10-28T10:15:17.563

Modified: 2024-11-21T07:19:19.430

Link: CVE-2022-3337

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3337", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82", "dateReserved": "2022-09-27T10:25:13.653Z", "datePublished": "2022-10-28T09:25:31.596Z", "dateUpdated": "2025-05-06T17:41:15.374Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["iOS"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "6.15", "status": "affected", "version": "0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)<br>"}], "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josh (joshmotionfans)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><p>It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the <a target=\"_blank\" rel=\"nofollow\" href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch\">Lock WARP switch</a> feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.</p></div>"}], "value": "It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}, {"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2022-10-28T09:25:31.596Z"}, "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to specified patched version.<br>"}], "value": "Upgrade to specified patched version.\n"}], "source": {"advisory": "GHSA-vr93-4vx7-332p", "discovery": "EXTERNAL"}, "title": "Lock WARP switch bypass by removing VPN profile on iOS mobile client", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:06.580Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T17:39:14.427525Z", "id": "CVE-2022-3337", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T17:41:15.374Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:06.580Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3337", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T17:39:14.427525Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T17:41:07.195Z"}}], "cna": {"title": "Lock WARP switch bypass by removing VPN profile on iOS mobile client", "source": {"advisory": "GHSA-vr93-4vx7-332p", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josh (joshmotionfans)"}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}, {"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Cloudflare", "product": "WARP", "versions": [{"status": "affected", "version": "0", "lessThan": "6.15", "versionType": "semver"}], "platforms": ["iOS"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to specified patched version.\n", "supportingMedia": [{"type": "text/html", "value": "Upgrade to specified patched version.<br>", "base64": false}]}], "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<div><p>It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the <a target=\"_blank\" rel=\"nofollow\" href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch\">Lock WARP switch</a> feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.</p></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "configurations": [{"lang": "en", "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n", "supportingMedia": [{"type": "text/html", "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)<br>", "base64": false}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2022-10-28T09:25:31.596Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3337", "state": "PUBLISHED", "dateUpdated": "2025-05-06T17:41:15.374Z", "dateReserved": "2022-09-27T10:25:13.653Z", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "datePublished": "2022-10-28T09:25:31.596Z", "requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82", "assignerShortName": "cloudflare"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp_mobile_client:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "AFA71DEA-72C1-471B-9F1D-CB58C8F7FBD9", "versionEndExcluding": "6.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch \u00a0feature\n being enabled on Zero Trust Platform. This led to bypassing policies \nand restrictions enforced for enrolled devices by the Zero Trust \nplatform.\n\n\n\n"}, {"lang": "es", "value": "Un usuario pod\u00eda eliminar un perfil VPN del cliente m\u00f3vil WARP en la plataforma iOS a pesar del interruptor Lock WARP https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/# La funci\u00f3n lock-warp-switch est\u00e1 habilitada en Zero Trust Platform. Esto llev\u00f3 a eludir las pol\u00edticas y restricciones impuestas a los dispositivos inscritos por la plataforma Zero Trust."}], "id": "CVE-2022-3337", "lastModified": "2024-11-21T07:19:19.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.7, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-10-28T10:15:17.563", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-vr93-4vx7-332p"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-290"}, {"lang": "en", "value": "CWE-862"}], "source": "[email protected]", "type": "Primary"}]}