CVE-2022-3320
Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.
Era posible omitir las políticas configuradas para Zero Trust Secure Web Gateway mediante el subcomando warp-cli 'set-custom-endpoint'. El uso de este comando con un punto final inalcanzable provocó que el cliente WARP se desconectara y permitió eludir las restricciones administrativas en un punto final inscrito en Zero Trust.
*Credits:
suzuka (HackerOne researcher)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-09-26 CVE Reserved
- 2022-10-28 CVE Published
- 2024-05-20 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
- CAPEC-122: Privilege Abuse
- CAPEC-554: Functionality Bypass
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cloudflare Search vendor "Cloudflare" | Warp Search vendor "Cloudflare" for product "Warp" | < 2022.8.857.0 Search vendor "Cloudflare" for product "Warp" and version " < 2022.8.857.0" | windows |
Affected
| ||||||
| Cloudflare Search vendor "Cloudflare" | Warp Search vendor "Cloudflare" for product "Warp" | < 2022.8.861.0 Search vendor "Cloudflare" for product "Warp" and version " < 2022.8.861.0" | macos |
Affected
| ||||||
| Cloudflare Search vendor "Cloudflare" | Warp Search vendor "Cloudflare" for product "Warp" | < 2022.8.936 Search vendor "Cloudflare" for product "Warp" and version " < 2022.8.936" | linux_kernel |
Affected
| ||||||