Skip to content

Bypassing Cloudflare Zero Trust Secure Web Gateway Policies using warp-cli set-custom-endpoint command

Moderate
mskowroncf published GHSA-3868-hwjx-r5xf Oct 28, 2022

Package

Cloudflare WARP Client (Windows)

Affected versions

<2022.8.857.0

Patched versions

None
Cloudflare WARP Client (Linux)
<2022.8.936
None
Cloudflare WARP Client (MacOS)
<2022.8.861.0
None

Description

Impact

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.

Patches

Fixed versions (releases):

Windows: 2022.8.857.0
Linux: 2022.8.936
MacOS: 2022.8.861.0

References

Severity

Moderate
6.7
/ 10

CVSS base metrics

Attack vector
Local
Attack complexity
Low
Privileges required
Low
User interaction
Required
Scope
Changed
Confidentiality
None
Integrity
High
Availability
Low
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

CVE ID

CVE-2022-3320

Weaknesses

No CWEs