Headline
CVE-2022-2225
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch’.
Zero Trust Secure Web Gateway policies bypass using WARP client subcommands
Package
Cloudflare WARP Client (Windows)
Affected versions
<2022.5.341.0
Patched versions
2022.5.341.0
Cloudflare WARP Client (Linux)
Cloudflare WARP Client (MacOS)
Description
Impact
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch’.
The issue concerns WARP clients enrolled in Zero Trust organisation mode.
Patches
Fixed versions:
- Windows: 2022.5.341.0
- Linux: 2022.5.346
- MacOS: 2022.5.227.0
References
- Cloudflare WARP releases for Linux
- Cloudflare WARP releases for MacOS
- Cloudflare WARP releases for