Platform: rust
Component: advisories
Fixed in: 2022.5.227.0, 2022.5.341.0, 2022.5.346
CVE-2022-2225 is a security vulnerability affecting the Cloudflare WARP client. It allows users without administrative privileges to bypass configured Zero Trust security policies and features like the WARP switch lock. This vulnerability impacts versions of Cloudflare WARP client up to and including 2022.5.346. A fix has been released in version 2022.5.346.
The primary impact of CVE-2022-2225 is the circumvention of Cloudflare's Zero Trust security policies within the WARP client. Attackers could potentially bypass Secure Web Gateway policies, allowing users to access untrusted websites or services without proper inspection. This could lead to data exfiltration, malware infection, or other security breaches. The blast radius extends to any organization relying on Cloudflare WARP for enforcing security policies, as it allows users to effectively disable those controls. This vulnerability highlights a potential weakness in client-side security enforcement, as users can override centrally managed policies.
CVE-2022-2225 was publicly disclosed on July 26, 2022. There is no indication of active exploitation campaigns at this time. The vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is not widely available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is developed.
Organizations heavily reliant on Cloudflare WARP for Zero Trust network access, particularly those with strict security policies enforced through the WARP client, are at risk. Environments where users have access to the warp-cli interface without proper restrictions are also vulnerable.
• linux / server: Monitor WARP client logs for usage of the disable-ethernet or disable-wifi commands. Use ps aux | grep warp-cli to identify running instances and their arguments.
    journalctl -u warp-cli | grep -i -e 'disable-ethernet' -e 'disable-wifi'
• generic web: Examine WARP client configuration files for any unusual or unauthorized modifications related to network interfaces.
EPSS: 0.04% (14th percentile)
The primary mitigation for CVE-2022-2225 is to upgrade Cloudflare WARP to version 2022.5.346 or later. This version includes a fix that prevents unauthorized bypassing of Zero Trust policies. If immediate upgrading is not possible, consider implementing stricter user access controls and monitoring WARP client activity for suspicious command-line usage. While a direct WAF rule is not applicable, reviewing Cloudflare's security policies and ensuring they are enforced at the network level can provide an additional layer of defense. After upgrading, confirm the fix by attempting to disable Ethernet or Wi-Fi through the warp-cli as a non-admin user; the action should be blocked.
Update the Cloudflare WARP client to version 2022.5.227.0, 2022.5.341.0 or 2022.5.346 or later, as applicable, to fix the vulnerability. This prevents users without administrator rights from bypassing configured security policies.
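The monitoring advice and the upgrade check above can be scripted as follows. This is an added example, not Cloudflare's or this page's own code. It assumes process-audit records exported as "<time> <user> <command line>", treats root as the only administrative account, and uses hypothetical function names scan_warp_bypass and warp_version_ok.

```shell
#!/usr/bin/env bash
# Added example: flag non-root warp-cli calls to the subcommands named in
# the advisory, and compare an installed build against a fixed build.
# Assumed input format (not a WARP log format): "<time> <user> <command line>"

# Constructed sample records.
SAMPLE_LOG='2022-07-27T09:14:02Z alice warp-cli status
2022-07-27T09:14:40Z alice /usr/bin/warp-cli disable-wifi
2022-07-27T09:15:11Z root warp-cli disable-ethernet
2022-07-27T09:20:55Z bob warp-cli disable-ethernet
2022-07-27T09:21:03Z bob grep disable-wifi notes.txt'

# Print "time user subcommand" for each bypass-related call by a non-root user.
# Only lines whose executable is warp-cli count, so the grep line is ignored.
scan_warp_bypass() {
  awk '
    $2 != "root" && $3 ~ /(^|\/)warp-cli$/ {
      for (i = 4; i <= NF; i++)
        if ($i == "disable-ethernet" || $i == "disable-wifi") {
          print $1, $2, $i
          break
        }
    }'
}

# Succeed when installed version $1 is >= fixed build $2 (numeric compare of
# dotted fields). The caller supplies the fixed build for its own platform.
warp_version_ok() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

printf '%s\n' "$SAMPLE_LOG" | scan_warp_bypass
```

Hits from scan_warp_bypass on hosts where warp_version_ok fails against the fixed build are the ones to review first.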
CVE-2022-2225 describes a vulnerability in Cloudflare WARP client versions ≤2022.5.346 where users can bypass Zero Trust policies using warp-cli commands.
You are affected if you are using Cloudflare WARP client versions prior to 2022.5.346 and rely on its Zero Trust security policies.
Upgrade your Cloudflare WARP client to version 2022.5.346 or later to resolve this vulnerability.
There is currently no evidence of active exploitation, but the ease of exploitation warrants vigilance.
Refer to the official Cloudflare security advisory for detailed information: https://www.cloudflare.com/learning/security/announcements/warp-client-security-update/