Bypassing VPN Profile Deletion Restrictions on WARP Mobile Client for iOS

Bypassing VPN Profile Deletion Restrictions on WARP Mobile Client for iOS

CVE-2022-3337 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch  feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.

Learn more about our Cis Benchmark Audit For Apple Ios.