CVE-2023-3747

Insufficient Validation on Override Codes for Always-Enabled WARP Mode

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running.

Los Administradores de Zero Trust tienen la capacidad de impedir que los usuarios finales deshabiliten WARP en sus dispositivos. Los administradores también pueden crear códigos de anulación para permitir que un dispositivo se desconecte temporalmente de WARP, sin embargo, debido a la falta de validación del lado del servidor, un atacante con acceso local al dispositivo podría extender el tiempo máximo permitido de desconexión del cliente WARP otorgado por un código de anulación cambiando la fecha y hora en el dispositivo local donde se ejecuta warp.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-07-18 CVE Reserved
2023-09-07 CVE Published
2024-09-26 CVE Updated
2024-10-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-565: Reliance on Cookies without Validation and Integrity Checking
CWE-602: Client-Side Enforcement of Server-Side Security

CAPEC

CAPEC-207: Removing Important Client Functionality

References (2)

URL	Tag	Source
https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#retrieve-the-override-code	Related
https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone	Product

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cloudflare Search vendor "Cloudflare"		Warp Search vendor "Cloudflare" for product "Warp"				6.29 Search vendor "Cloudflare" for product "Warp" and version "6.29"		android		Affected