Strix
26.1K

CVE-2022-2225

HIGHCVSS 7.8/10EPSS 0.18%

Last modified

CVE-2022-2225 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.. EPSS estimates a 0.18% chance of exploitation in the next 30 days.

Description

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.18%

8.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CloudflareWarp< 2022.5.227.0
CloudflareWarp< 2022.5.341.0
CloudflareWarp< 2022.5.346

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-2225?
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.
How severe is CVE-2022-2225?
CVE-2022-2225 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.18% probability of exploitation in the next 30 days.
How do I fix CVE-2022-2225?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-2225?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST