Bypassing Zero Trust Security Policies and 'Lock WARP Switch' Feature via warp-cli Subcommands

Bypassing Zero Trust Security Policies and 'Lock WARP Switch' Feature via warp-cli Subcommands

CVE-2022-2225 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.

Learn more about our Web App Pen Testing.